WarrantyBrain ("we," "us," "our") operates the WarrantyBrain Shopify application and the website at warrantybrain.io. This Privacy Policy explains how we collect, use, share, and protect personal data — and your rights with respect to it.
WarrantyBrain is the data controller for data collected directly on warrantybrain.io (leads, merchant accounts). For warranty claim data submitted through a merchant's Shopify store, WarrantyBrain acts as a data processor on behalf of the merchant (the data controller). Contact: hello@warrantybrain.io.
| Data Type | What We Collect | Legal Basis (GDPR) |
|---|---|---|
| Lead form | Shop domain, email address, selected pricing tier | Legitimate interests (pre-contract) |
| Shopify app install | Shop domain, merchant contact email, and encrypted Shopify connection credential | Contract performance |
| Warranty claims | Customer email, order ID/name, product title, SKU, serial number, claim description, claim status, and EXIF-stripped claim photos when uploaded. For fraud checks we store hashed customer identifiers and perceptual photo hashes. | Contract performance; legitimate interests (fraud prevention) |
| Analytics | Page views via Plausible Analytics (cookie-free). Meta Pixel (IP address, browser info, page URL) — used for advertising measurement only. | Legitimate interests (marketing analytics) |
We use collected data to: (a) process warranty claims via AI-assisted review; (b) flag repeat warranty abuse patterns; (c) generate Warranty Risk Scan and analytics reports for merchants; (d) send transactional notifications to merchants and customers; (e) measure advertising effectiveness; and (f) maintain and improve the Service. We do not sell personal data to third parties.
Warranty claims are analyzed by Anthropic's Claude API. Data sent to Anthropic includes claim context needed to evaluate the claim, such as hashed customer identifiers where possible, order history summary, product and serial-number facts, claim description, and submitted evidence. Anthropic does not use API-submitted data to train its models, per Anthropic's API data usage policy. Anthropic retains API request logs for up to 30 days for abuse detection only.
To flag potential warranty abuse, we may compare anonymized signals such as hashed email addresses, hashed shipping addresses, device fingerprints, and perceptual photo hashes. No raw personal data is shared across merchants. Risk signals are used only to support merchant review — no merchant can see another merchant's customer data.
The legal basis for this processing is legitimate interests (fraud prevention), which we have determined outweighs the privacy interests of individuals given the minimal intrusiveness of the hashing approach and the clear benefit of fraud prevention for consumers and merchants alike.
We share data with the following sub-processors:
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI claim analysis | Hashed claim data (no raw PII) |
| SendGrid (Twilio) | Transactional email delivery | Merchant & customer email addresses |
| Railway | Application hosting | All application data (encrypted at rest) |
| Shopify | Billing & payments | Merchant billing info (handled by Shopify) |
| Plausible Analytics | Cookie-free website analytics | Anonymized page view data |
| Meta | Advertising measurement | Page URLs, IP (via Pixel) |
| Hunter.io | Sales lead enrichment (B2B contacts only) | Business email/company data — no customer PII |
All data is transmitted over HTTPS/TLS 1.2+. Our application enforces HSTS, CSP, and security headers. Database access is restricted to authenticated application code. Shopify connection credentials are encrypted at rest. In the event of a data breach affecting personal data, we will notify affected merchants within 72 hours of discovery, and will notify affected consumers as required by applicable law.
All users: You may request access to, correction of, export of, or deletion of your data by emailing hello@warrantybrain.io. We respond within 30 days. Shopify privacy requests and required store-removal notices are handled through Shopify's signed compliance system.
EU/UK residents (GDPR/UK GDPR): You have the right to access, rectification, erasure, restriction of processing, data portability, and to lodge a complaint with your national supervisory authority. Where processing is based on legitimate interests, you have the right to object.
California residents (CCPA/CPRA): You have the right to know what personal information we collect and how it is used, to delete your personal information, to correct inaccurate personal information, and to opt out of the sharing of your personal information for cross-context behavioral advertising. To exercise your right to opt out of sharing, email hello@warrantybrain.io with the subject line "Do Not Share My Personal Information." We do not discriminate against users who exercise their privacy rights.
WarrantyBrain uses Plausible Analytics, which is cookie-free. Meta Pixel is used on marketing pages for advertising measurement and may set cookies in your browser. You may opt out of Meta's advertising cookies at facebook.com/adpreferences or via your browser's privacy settings.
Our Service is designed for Shopify merchants (businesses) and is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a minor's data has been submitted through a warranty claim, please contact us for deletion.
We may update this Privacy Policy from time to time. We will notify merchants of material changes via email at least 14 days before changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy.
Privacy questions: hello@warrantybrain.io
WarrantyBrain — warrantybrain.io