Privacy Policy — Vapely Compliance by Mercury Solutions

Mercury Solutions ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Vapely Compliance Shopify application.

1. Information We Collect

When you install and use Vapely Compliance, we collect the following types of information:

Store Information: Your Shopify store domain, email address, and basic store settings required to operate the app.
Product Data: Product titles, descriptions, tags, variants, and images. This data is processed by our AI to generate compliance classifications.
Customer Checkout Data: During the checkout process, we temporarily process the customer's shipping state/province and IP address to determine if the products in their cart are legally permitted to be shipped to their location.
Usage Logs: We maintain logs of compliance evaluations, blocked checkouts, and manual overrides for auditing and troubleshooting purposes.

We do not store your customers' names, exact street addresses, or payment information.

2. How We Use Your Information

We use the collected information solely to:

Provide, operate, and maintain the Vapely Compliance service.
Classify your products and evaluate them against regulatory databases.
Block restricted checkouts via Shopify Checkout Extensibility.
Provide customer support and troubleshoot issues.
Improve our AI models and regulatory accuracy.

3. Data Sharing and Third Parties

We do not sell, rent, or trade your store data or your customers' data to third parties. We may share data with trusted third-party service providers strictly for the purpose of operating the app, including:

Secure cloud hosting via Supabase
AI processing via xAI

All third-party processors are bound by strict data protection agreements.

4. Data Retention and Deletion

We retain your product classifications and compliance logs for as long as you have the app installed.

If you uninstall Vapely Compliance, you may request the deletion of your store's data by contacting our support team. We will delete your data within 30 days of a verified request, except where retention is required by law.

5. Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Contact Us

If you have any questions about this Privacy Policy, please contact us at: dev@mercurysolutions.ca