Privacy Policy

What we collect

When you use our free audit tool, we collect the Shopify store URL you submit and the email address you provide to receive your report. We also collect standard server logs including your IP address (used for rate limiting only).

When you install the Vapely Compliance Shopify app, we access your store's product catalog data — titles, descriptions, variants, tags, and metafields — through Shopify's standard API. We do not access customer data, orders, payment information, or personally identifiable information about your customers.

How we use it

• To perform compliance analysis on your product catalog
• To generate and email your compliance audit report
• To rate-limit audit requests and prevent abuse
• To improve the accuracy of our compliance detection algorithms

What we don't do

• Sell your data to third parties
• Use your store data to train AI models without consent
• Store your product data longer than 90 days after your last scan
• Share your compliance results publicly without your permission

Third-party services

We use the following third-party services to deliver our product:

• xAI Grok / OpenAI — AI analysis for compliance reports (data is not retained by these providers for training without opt-in)
• Supabase — Database for storing scan results (hosted on AWS, SOC 2 compliant)
• Vercel — Hosting (GDPR compliant)
• Shopify — App platform (for installed app only)

Data retention

Audit results are retained for 90 days to allow you to reference your report. You may request deletion at any time by emailing privacy@mercurysolutions.ca.

Your rights (GDPR / PIPEDA)

You have the right to access, correct, or delete your personal data. You also have the right to data portability and to withdraw consent where applicable. To exercise these rights, contact us at privacy@mercurysolutions.ca.

Contact

Mercury Solutions
Calgary, Alberta, Canada
privacy@mercurysolutions.ca