Legal

Privacy Policy

Last updated: May 1, 2025

SmartRetail AI ("we", "our", "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights over it. If you have questions, contact us at privacy@smartretailai.com.

1. Information We Collect

  • Account information: Your name, email address, and password (hashed with bcrypt, never stored in plain text).
  • Business data: Product catalog, inventory levels, sales transactions, and store configuration you enter into SmartRetail AI.
  • Usage data: Pages visited, features used, and interaction logs collected for product improvement.
  • Technical data: IP address, browser type, device identifiers, and error logs used to maintain system stability.

2. How We Use Your Information

  • To provide and improve the SmartRetail AI platform, including AI-powered features that analyze your business data.
  • To send transactional emails (account creation, password reset) and, with your consent, product update emails.
  • To diagnose and fix technical issues, and to monitor service reliability.
  • We do not sell your personal information to third parties. Ever.

3. AI Features and Your Data

  • SmartRetail AI uses Google Gemini AI to power features like Sales Forecasting, Business Insights, Restock Recommendations, and the AI Copilot.
  • When you use an AI feature, a prompt containing your anonymized store data is sent to the Gemini API. This data includes aggregated sales figures, product names and stock levels, and transaction patterns.
  • We do not send customer personal data (names, contact info, payment card numbers) to any AI provider. We do not store or log AI conversation history beyond your current browser session.
  • Google's data handling is governed by Google's API Terms of Service and Privacy Policy.

4. Data Storage and Security

  • Your data is stored in Neon PostgreSQL, a managed cloud database with encryption at rest and automated backups.
  • All data transmission uses TLS 1.3 encryption. Authentication uses short-lived JWT access tokens (1-day expiry) and rotating refresh tokens (7-day expiry).
  • We implement role-based access control so that each user can only access data appropriate to their role (Cashier, Owner, Admin).
  • In the event of a data breach that affects your personal information, we will notify affected users within 72 hours.

5. Data Retention

  • Active accounts: Your data is retained for the duration of your subscription.
  • Cancelled accounts: Data is retained for 90 days after cancellation, giving you time to export. After 90 days, data is permanently deleted.
  • You can request a full export of your data at any time by contacting support.

6. Your Rights

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update inaccurate information via your account settings or by contacting us.
  • Deletion: Request deletion of your account and all associated data.
  • Portability: Receive your data in a structured, machine-readable format (CSV).
  • To exercise any of these rights, contact us at privacy@smartretailai.com.

7. Cookies

  • We use a single authentication cookie (access_token) to maintain your login session. This is a strictly necessary cookie and cannot be disabled without signing out.
  • We do not use third-party advertising cookies or cross-site tracking.

8. Changes to This Policy

  • We will notify you by email at least 30 days before making material changes to this privacy policy.
  • Continued use of SmartRetail AI after the effective date constitutes acceptance of the updated policy.

Questions about this policy? Contact us