Privacy
Policy

Last updated: 13 May 2026

1. Who we are

Companion is a weekly AI-powered digest service for Shopify store owners, operated by José Miguel Pires Fernandes, based in Lisbon, Portugal. Contact: hello@myowncompanion.com

2. What data we collect

Store data (via Shopify OAuth)

When you connect your Shopify store, we request read-only access to:

• Orders - revenue, order count, average order value
• Products - top-selling items and revenue by product
• Customers - new vs returning counts (no personal customer data stored)
• Analytics - sessions and conversion rates (where available)
• Store info - store name, owner email, currency, timezone

We never access or store your customers' personal information, payment details, or addresses.

Account data

• Your name and email address (from your Shopify account)
• Subscription plan and billing status (managed by Shopify)
• Digest history - weekly performance scores and summaries

Technical data

• IP address and browser type (server logs, retained 30 days)
• Cookies - session and preference cookies only (see Section 7)

3. How we use your data

• To generate your weekly performance digest email
• To compare this week's metrics against previous weeks
• To manage your subscription and send billing receipts
• To improve AI-generated insights (anonymised, aggregate only)
• To contact you about service updates or issues

We never use your store data for advertising, sell it to third parties, or share it with anyone except the processors listed in Section 5.

4. Legal basis (GDPR)

• Contract performance - processing your store data to deliver the weekly digest you subscribed to
• Legitimate interest - improving service quality using anonymised aggregate data
• Legal obligation - retaining billing records as required by Portuguese tax law

5. Who we share data with

• Anthropic - AI model provider. Store metrics are sent to their API and not retained after processing. Privacy policy →
• Supabase - Database hosting (EU region). Privacy policy →
• Shopify Payments - Billing is handled directly by Shopify through Shopify App Pricing. We never see or store your card details. Privacy policy →
• Resend - Email delivery. Privacy policy →
• Vercel - Application hosting. Privacy policy →

6. Data retention

• Store metrics snapshots: retained for 12 months
• Digest history: retained for 24 months
• Account data: deleted within 30 days of account deletion
• Billing records: retained for 7 years as required by Portuguese law

7. Cookies

We use only essential cookies:

• shopify_state - a temporary security token used during Shopify OAuth. Expires after 10 minutes.
• Session cookies - to keep you logged in. Deleted when you close your browser.

No advertising cookies, tracking pixels, or third-party analytics. No Google Analytics.

8. Your rights

• Access - request a copy of all data we hold about you
• Rectification - correct any inaccurate data
• Erasure - request deletion of your data
• Portability - receive your data in a machine-readable format
• Objection - object to processing based on legitimate interest

Email hello@myowncompanion.com to exercise any of these rights. We respond within 30 days. You may also lodge a complaint with the Portuguese data protection authority at cnpd.pt.

9. Security

HTTPS encryption in transit, encrypted storage at rest, access controls limited to the operator, and regular security reviews. Shopify API tokens are stored encrypted. In the event of a data breach, we will notify you within 72 hours as required by GDPR.

10. Changes

We will notify you by email at least 14 days before any material changes take effect.