Privacy Policy
Effective date: [TBD — populate before public launch]
1. What We Collect
- Account data: business name, email, license numbers (voluntary), states you ship to.
- Usage data: the questions you ask our AI and the compliance checks you run, retained to improve accuracy and satisfy SOC2 audit requirements.
- Order metadata (when you connect Commerce7): order IDs, destinations, product references, compliance status. We do not receive credit card numbers.
- Analytics: we use Plausible Analytics, which is cookieless and does not collect personal data or cross-site tracking identifiers.
2. What We Do Not Collect
- We do not sell personal data.
- We do not use third-party advertising trackers.
- We do not use your prompts or responses to train third-party LLMs. Our LLM provider (Anthropic) is contractually bound not to train on our API traffic.
3. Data Retention
Audit logs are retained for 7 years to satisfy SOC2 and bev-alc industry retention expectations. Account data is retained for the life of your account plus 30 days. You can request earlier deletion of non-audit data at any time by emailing privacy@getratify.ai.
4. Data Access and Deletion (GDPR / CCPA / CPRA)
You can request a copy of the data we hold about you, or its deletion, at any time by emailing privacy@getratify.ai. We respond within the window required by the applicable law: within 30 days for GDPR requests and 45 days for CCPA / CPRA requests.
5. Subprocessors
- Supabase — database, auth, storage (USA)
- Anthropic — LLM inference (USA)
- Sentry — error monitoring (USA, configured with strict PII scrubbing)
- Plausible Analytics — privacy-safe page analytics (EU)
- Resend — transactional email (USA)
6. Contact
Privacy questions: privacy@getratify.ai