Privacy Policy

Last updated: June 14, 2026

1. What we collect

• Account information: your email address, display name, and profile photo from your sign-in provider (Google or email/password).
• Content you provide: images, text, product details, prompts, templates, and the settings you save in the app.
• Connection credentials you choose to add: for example Shopify app credentials, a ShineOn API token, or a Google Drive authorization, stored so the app can act on your behalf.
• Usage records: basic logs of actions the app takes for you (for example publish and generation history) so the app can function and so problems can be diagnosed.

2. How we use it

Only to run the Service: to sign you in, store your work, generate the content you ask for, publish to the platforms you connect, and keep the Service secure. We do not sell your data, and we do not use your content to train AI models.

3. Where it lives

Your data is stored in Google Firebase (Firestore and Cloud Storage). The application server runs on Railway, and traffic may pass through Cloudflare. Some generated assets are automatically deleted after a retention period (currently about 15 days for generated ad images and card images).

4. Who else processes it

• AI providers: when you generate text or images, the content needed for that generation (for example your prompt, product photo, or card image) is sent to the AI provider that performs it.
• Platforms you connect: Shopify, ShineOn, Google Drive, and Google Sheets receive the data needed to do what you asked (for example publishing a product or uploading ad images).
• Infrastructure: Google (Firebase), Railway (hosting), and Cloudflare (network).

We share nothing with anyone else, and nothing for advertising purposes.

5. Cookies and tracking

The Service uses authentication state (Firebase) to keep you signed in. There are no third-party advertising or analytics trackers.

6. Retention and deletion

Your account data is kept while your account is active. Generated assets are cleaned up automatically on a rolling basis. To delete your account and its data, email support@shineon.com from your account's email address and we will remove it within a reasonable time, except where retention is required for legal or security reasons.

7. Security

Access to data is restricted by per-account security rules (each account can only read and write its own data), provider secrets are kept server-side only, and connections use encrypted transport (HTTPS). No system is perfectly secure, so keep your login credentials and API keys private.

8. Your choices

You can disconnect any linked platform at any time from the app's settings, ask us for a copy of your data, or ask for deletion (section 6). If you believe data is held about you in error, contact us.

9. Changes

We may update this policy from time to time; the "Last updated" date above reflects the current version. Meaningful changes will be visible here before they take effect.

10. Contact

Privacy questions: support@shineon.com.