Last updated: May 1, 2026
Verdict AI ("we", "our", "us") operates the Verdict AI: PDP Decision Panel application ("App") for Shopify. This Privacy Policy describes how we collect, use, store, and protect information when merchants install and use the App.
When you install Verdict AI, we access the following data from your Shopify store through Shopify's official API with your explicit permission:
Store metadata: Shop domain, store name, primary email, currency, locale, timezone, and Shopify plan.
Product catalog: Product title, description, product type, vendor, tags, options, variants, prices, images, inventory status, and metafields. This is the data Verdict AI uses to generate decision panels.
Theme & storefront context: Active theme ID and template references required to render the storefront panel via App Embed and App Block.
Aggregate panel telemetry: Panel impressions, clicks, "Perfect for / Skip if" expansions, dismissals, and add-to-cart events that occur after panel interaction. This is anonymous and never tied to individual shoppers.
Billing context: Shopify subscription ID, plan tier, and billing status surfaced by Shopify's Billing API. We do not store credit card numbers or bank account details — Shopify handles all payment processing.
What we do NOT collect: Customer names, email addresses, shipping addresses, payment methods, IP addresses of shoppers, or any personally identifiable information about your customers.
We use your store data exclusively to:
(a) Generate AI-written "Perfect for / Skip if" decision panels for your products;
(b) Render those panels on your storefront via the Shopify Theme App Extension;
(c) Show you panel performance analytics inside the embedded admin app;
(d) Enforce plan limits and bill you correctly through Shopify's Subscription API;
(e) Diagnose errors and improve panel quality for your specific catalog.
We do not sell, rent, trade, or share your data with third parties for marketing or advertising. We do not use your catalog data to train foundation models.
Verdict AI uses Anthropic's Claude API to generate panel content. When we call Claude, we send only the product information needed to write a panel (title, description, tags, variants, ingredients) — never customer data. Anthropic does not retain prompt content for model training under their commercial API terms.
Our active subprocessors are:
• Anthropic, PBC — AI panel generation (api.anthropic.com)
• Supabase, Inc. — Managed PostgreSQL database (data hosted in US region)
• Vercel, Inc. — Application hosting and serverless compute
• Shopify, Inc. — Authentication, billing, and theme delivery
Your data is stored in encrypted PostgreSQL databases. Data in transit is encrypted with TLS 1.3. Access to production systems requires multi-factor authentication and is logged. Shopify access tokens are encrypted at rest. We follow Shopify's published security requirements for embedded apps including HMAC validation on all webhooks and session token authentication on admin requests.
We retain product catalog snapshots and generated panels for as long as the App is installed on your store. Aggregate panel telemetry is retained for 365 days. When you uninstall the App, we trigger Shopify's mandatory shop/redact webhook 48 hours after uninstall, and we delete all of your shop data within 30 days. You can request immediate deletion before then by emailing the address in Section 10.
We implement Shopify's three mandatory privacy webhooks:
• customers/data_request — We respond within 30 days. Verdict AI does not store individual customer data, so requests typically return an empty record set with confirmation.
• customers/redact — Same: we have no customer PII to redact, and we confirm in our response.
• shop/redact — Triggered 48 hours after uninstall. We delete all shop data within 30 days.
EU/UK merchants: we act as a data processor on your behalf. A Data Processing Addendum is available on request. California merchants: you have the right to know what data we process and to request deletion under CCPA — contact us via Section 10.
You have the right to access the data we process about your store, request correction or deletion, export your data in a machine-readable format, and lodge a complaint with your supervisory authority. Uninstalling the App from your Shopify admin withdraws consent and triggers our deletion process.
The Verdict AI admin uses Shopify's session token authentication only — no third-party cookies. Our storefront panel does not set cookies, does not use fingerprinting, and does not load third-party trackers. We respect Global Privacy Control signals.
We may update this policy as the App evolves. Material changes will be communicated via in-app notification at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the current version.
For privacy questions, data subject requests, DPA requests, or general support, email support.verdictapp@gmail.com.