Privacy Policy
Last updated: March 30, 2026
Who We Are
MerchantOS is operated by Flatline Agency, a company registered in the Netherlands. If you have questions about this policy, contact us at robin@flatlineagency.com.
What Data We Collect
- Account information: your email address and organization name when you sign up.
- Store data via OAuth: product, order, inventory, and marketing data from connected platforms (Shopify, Klaviyo, Meta Ads, Google Ads). We only access scopes you explicitly authorize.
- Usage data: chat messages, generated reports, and agent run history within the platform.
How We Use Your Data
- AI-powered analysis and insights about your e-commerce performance.
- Automated agent actions such as inventory monitoring and anomaly detection.
- Generating performance reports and weekly digests.
- Improving our service and fixing issues.
We do not sell your data to third parties. Your store data is only used to provide the MerchantOS service to you.
Data Storage & Security
Your data is stored in Supabase (EU region) with encryption at rest and in transit. API tokens for connected platforms are stored in Supabase Vault (encrypted). We use row-level security (RLS) to ensure organizations can only access their own data.
Third-Party Services
- Anthropic (Claude): for AI analysis. Your data is sent to the Anthropic API for processing but is not used to train their models.
- Stripe: for payment processing. We do not store your credit card details.
- Sentry: for error monitoring (no personal data).
- Resend: for transactional emails.
Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access: request a copy of all data we hold about you.
- Rectification: correct inaccurate data.
- Deletion: request deletion of your account and all associated data.
- Export: receive your data in a portable format.
- Objection: object to processing of your data.
To exercise any of these rights, email robin@flatlineagency.com. We will respond within 30 days.
Data Retention
We retain your data for as long as your account is active. When you delete your account or uninstall the app, we delete all associated data within 30 days in accordance with Shopify GDPR requirements.
Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via email. Continued use of MerchantOS after changes constitutes acceptance.