1. Introduction
Curie Vision, Inc. ("Curie," "we," "us," or "our") operates the Curie Shopping application ("App") available on the Shopify App Store. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our App.
By installing or using the App, you agree to the terms of this Privacy Policy. If you do not agree, please uninstall the App immediately.
2. Information We Collect
2.1 Store Information
When you install the App, we collect information about your Shopify store, including:
- Store name and domain (e.g., your-store.myshopify.com)
- Store owner email address
- Shopify plan information
- Store currency and locale settings
2.2 Product Catalog Data
We sync your product catalog from Shopify, including:
- Product titles, descriptions, and handles
- Product images and media (including 3D models)
- Pricing and variant information
- Product categories, tags, and vendor information
- Inventory status
2.3 Conversation Logs
When customers interact with the Curie Shopping AI assistant, we collect:
- Chat messages and queries (anonymized, not linked to individual customers)
- Product search queries
- AI response data
2.4 Usage and Analytics Data
- Credit usage and billing information
- Feature usage statistics
- API request logs (anonymized)
2.5 What We Do NOT Collect
We do not collect or store:
- Customer personal information (names, emails, addresses, phone numbers)
- Payment or credit card information
- Customer order or purchase history
- Customer browsing behavior on your store
3. How We Use Your Information
We use the collected information to:
- Provide AI-powered shopping: Power conversational product discovery, search, and recommendations
- Generate 3D models: Create interactive 3D models from your product images using AI processing
- Sync product data: Keep your product catalog up-to-date between Shopify and our platform
- Manage billing: Track credit usage and process subscription payments through Shopify Billing
- Enable agentic commerce: Serve your product data via MCP servers and llms.txt for AI agent discovery
- Improve the service: Analyze usage patterns to improve AI accuracy and feature development
4. Data Storage and Security
Your data is stored securely using the following infrastructure:
- Supabase (PostgreSQL) — Stores product catalog, store configuration, billing records, and session data. Hosted on AWS infrastructure with encryption at rest.
- Cloudflare R2 — Stores 3D model files (GLB, USDZ) and processed images. Data encrypted at rest with AES-256.
- Cloudflare Workers — Processes API requests at the edge. No persistent data storage; all data flows to Supabase.
- Vercel — Hosts the application frontend. No customer data is stored on Vercel.
We implement industry-standard security measures including:
- HMAC-SHA256 webhook signature verification
- Encrypted API credentials at rest
- HTTPS/TLS for all data in transit
- Role-based access controls
- Regular security audits
5. Third-Party Services
We use the following third-party services to provide our App functionality:
- Supabase — Database and authentication (Privacy Policy)
- Cloudflare — CDN, storage, and edge computing (Privacy Policy)
- LLM Providers (OpenAI, Anthropic, Google) — AI processing for conversational shopping. Product data sent to these providers is used solely for generating responses and is not retained by the providers for training.
- 3D Generation Providers (Meshy, Trellis, Hunyuan3D, TripoSR) — 3D model generation from product images.
6. Data Retention
- Active stores: We retain your data for as long as the App is installed on your store.
- After uninstall: When you uninstall the App, we mark your store as inactive. All store data (products, conversations, billing records, 3D models, and configuration) is permanently deleted within 30 days of uninstall, or upon receiving Shopify's shop/redact webhook (whichever comes first).
- Conversation logs: Anonymized conversation data may be retained for up to 90 days for service improvement, after which it is permanently deleted.
- Billing records: Payment transaction records are retained for 7 years as required by applicable tax and accounting regulations.
7. Your Rights
Depending on your location, you may have the following rights regarding your data:
- Access: Request a copy of the data we hold about your store.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data (also triggered automatically by Shopify GDPR webhooks).
- Portability: Request your data in a machine-readable format.
- Objection: Object to certain processing activities.
To exercise any of these rights, please contact us using the information below.
8. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act. We do not sell personal information. You may request disclosure of the categories of personal information collected, the purposes for collection, and the categories of third parties with whom we share information.
9. Children's Privacy
Our App is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us: