Privacy Policy

Effective Date: April 15, 2026  |  Last Updated: May 8, 2026

WarrantyBrain ("we," "us," "our") operates the WarrantyBrain Shopify application and the website at warrantybrain.io. This Privacy Policy explains how we collect, use, share, and protect personal data — and your rights with respect to it.

1. Who We Are

WarrantyBrain is the data controller for data collected directly on warrantybrain.io (leads, merchant accounts). For warranty claim data submitted through a merchant's Shopify store, WarrantyBrain acts as a data processor on behalf of the merchant (the data controller). Contact: hello@warrantybrain.io.

2. Data We Collect

Data TypeWhat We CollectLegal Basis (GDPR)
Lead formShop domain, email address, selected pricing tierLegitimate interests (pre-contract)
Shopify app installShop domain, merchant contact email, and encrypted Shopify connection credentialContract performance
Warranty claimsCustomer email, order ID/name, product title, SKU, serial number, claim description, claim status, and EXIF-stripped claim photos when uploaded. For fraud checks we store hashed customer identifiers and perceptual photo hashes.Contract performance; legitimate interests (fraud prevention)
AnalyticsPage views via Plausible Analytics (cookie-free). Meta Pixel (IP address, browser info, page URL) — used for advertising measurement only.Legitimate interests (marketing analytics)

3. How We Use Your Data

We use collected data to: (a) process warranty claims via AI-assisted review; (b) flag repeat warranty abuse patterns; (c) generate What I Found findings and analytics reports for merchants; (d) send transactional notifications to merchants and customers; (e) measure advertising effectiveness; and (f) maintain and improve the Service. We do not sell personal data to third parties.

4. AI Processing

Warranty claims are analyzed by Anthropic's Claude API. Data sent to Anthropic includes claim context needed to evaluate the claim, such as hashed customer identifiers where possible, order history summary, product and serial-number facts, claim description, and submitted evidence. Anthropic does not use API-submitted data to train its models, per Anthropic's API data usage policy. Anthropic retains API request logs for up to 30 days for abuse detection only.

5. Repeat-Abuse Pattern Checks

To flag potential warranty abuse, we may compare anonymized signals such as hashed email addresses, hashed shipping addresses, device fingerprints, and perceptual photo hashes. No raw personal data is shared across merchants. Risk signals are used only to support merchant review — no merchant can see another merchant's customer data.

The legal basis for this processing is legitimate interests (fraud prevention), which we have determined outweighs the privacy interests of individuals given the minimal intrusiveness of the hashing approach and the clear benefit of fraud prevention for consumers and merchants alike.

6. Data Retention

7. Sub-Processors and Third-Party Services

We share data with the following sub-processors:

ServicePurposeData Shared
AnthropicAI claim analysisHashed claim data (no raw PII)
SendGrid (Twilio)Transactional email deliveryMerchant & customer email addresses
RailwayApplication hostingAll application data (encrypted at rest)
ShopifyBilling & paymentsMerchant billing info (handled by Shopify)
Plausible AnalyticsCookie-free website analyticsAnonymized page view data
MetaAdvertising measurementPage URLs, IP (via Pixel)
Hunter.ioSales lead enrichment (B2B contacts only)Business email/company data — no customer PII

8. Data Security

All data is transmitted over HTTPS/TLS 1.2+. Our application enforces HSTS, CSP, and security headers. Database access is restricted to authenticated application code. Shopify connection credentials are encrypted at rest. In the event of a data breach affecting personal data, we will notify affected merchants within 72 hours of discovery, and will notify affected consumers as required by applicable law.

9. Your Rights

All users: You may request access to, correction of, export of, or deletion of your data by emailing hello@warrantybrain.io. We respond within 30 days. Shopify privacy requests and required store-removal notices are handled through Shopify's signed compliance system.

EU/UK residents (GDPR/UK GDPR): You have the right to access, rectification, erasure, restriction of processing, data portability, and to lodge a complaint with your national supervisory authority. Where processing is based on legitimate interests, you have the right to object.

California residents (CCPA/CPRA): You have the right to know what personal information we collect and how it is used, to delete your personal information, to correct inaccurate personal information, and to opt out of the sharing of your personal information for cross-context behavioral advertising. To exercise your right to opt out of sharing, email hello@warrantybrain.io with the subject line "Do Not Share My Personal Information." We do not discriminate against users who exercise their privacy rights.

10. Cookies

WarrantyBrain uses Plausible Analytics, which is cookie-free. Meta Pixel is used on marketing pages for advertising measurement and may set cookies in your browser. You may opt out of Meta's advertising cookies at facebook.com/adpreferences or via your browser's privacy settings.

11. Children's Data

Our Service is designed for Shopify merchants (businesses) and is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a minor's data has been submitted through a warranty claim, please contact us for deletion.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes via email at least 14 days before changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy.

13. SMS / Text Message Communications

What we send. WarrantyBrain sends transactional SMS messages to merchants who have explicitly opted in from app Settings. Messages are sent only when a warranty claim requires the merchant's review or action, and may include the product name, claim type, and a pointer to the merchant's dashboard. Product spikes, digests, and general intelligence stay in email or the dashboard. We do not send marketing SMS, promotional SMS, or any two-way SMS conversation.

Phone number & consent. By adding a contact phone number in the app Settings and checking the SMS consent box, you consent to receive transactional SMS from us at that number. Message frequency varies with claim volume — typically 0–2 messages per week. We do not charge for these messages, but standard message and data rates from your carrier may apply.

Carriers. SMS is delivered via Twilio's toll-free messaging service (number +1 855-590-0980) on the following U.S. carriers and their MVNOs: AT&T, T-Mobile, Verizon, US Cellular, and most regional carriers. Delivery is subject to carrier availability and is not guaranteed.

Opt out. You may opt out of SMS at any time by replying STOP to any message we send, or by uninstalling the WarrantyBrain app (which removes your consent). After opting out we will send a one-time confirmation message and then no further SMS. To re-subscribe, reinstall the app or contact support. Reply HELP to any message for help.

Data we store. When you receive an SMS from us, we log: the message body, the time it was sent, the recipient phone number, and the delivery status (delivered / failed / undeliverable) reported by Twilio. We do not store the content of your SMS replies. We do not share phone numbers with any third party for marketing purposes.

Data retention for SMS logs. SMS log records are retained for 90 days, then deleted. Aggregated, anonymized delivery statistics (e.g. "X% delivery success in May 2026") may be retained longer.

14. Contact

Privacy questions: hello@warrantybrain.io
WarrantyBrain — warrantybrain.io

Terms of Service  |  ← Back to WarrantyBrain