Privacy Policy

Last updated: 4 March 2026

Sunforce ("we", "us", "our") is a trading name operating under the laws of England and Wales. We operate the Sunforce application (the "Service"), a Shopify app that provides AI-powered financial intelligence for e-commerce merchants. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

1. Information We Collect

1.1 Shopify Store Data

When you install Sunforce, we access the following data from your Shopify store through Shopify's API:

• Orders – order totals, line items, discounts, refunds, and fulfilment status
• Products – product names, variants, SKUs, prices, and cost-of-goods data
• Inventory – stock levels and inventory costs
• Shop information – store name, currency, Shopify plan, and domain

We do not access customer personal data (names, emails, addresses, payment details) from your Shopify store.

1.2 Data You Provide

• Business expenses – costs you track through Sun (e.g., "I spent £500 on Facebook ads")
• Chat messages – questions and instructions you send to Sun
• Financial goals – revenue/profit targets you set
• Settings – alert thresholds, ad spend figures, and Shopify plan selection

1.3 Automatically Collected

• Shopify session tokens (for authentication)
• Basic usage data (feature usage, error logs)

2. How We Use Your Data

We use your data solely to provide the Service:

• Calculate profitability, P&L statements, and financial metrics
• Power AI chat responses from Sun (your questions and relevant store data are sent to our AI provider to generate answers)
• Generate automated alerts, financial briefings, and reports
• Track expenses and financial goals you set
• Improve the Service and fix bugs

3. AI Processing

When you chat with Sun, your message and relevant store data are sent to Anthropic (Claude) for processing. Anthropic does not use your data to train their models. We only send the minimum data needed to answer your specific question. No customer personal data is ever sent to the AI.

4. Data Storage & Security

• Your data is stored in a PostgreSQL database hosted by Supabase (cloud infrastructure)
• Shopify access tokens are encrypted at rest using AES-256
• All data transmission uses HTTPS/TLS encryption
• We do not store credit card or payment information
• Database access is restricted to authenticated application services only

5. Data Sharing

We do not sell, rent, or share your data with third parties, except:

• Anthropic – to process AI chat requests (as described in Section 3)
• Infrastructure providers – Supabase (database), Vercel (hosting), Render (background processing) – who act as data processors under our instruction
• Legal requirements – if required by law, regulation, or legal process

6. Data Retention

• Your data is retained as long as you have Sunforce installed
• When you uninstall, we mark your account as inactive. Data is permanently deleted within 30 days of uninstallation
• You can request immediate deletion at any time by contacting us

7. Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to:

• Access – request a copy of the data we hold about your store
• Rectification – update or correct inaccurate data
• Erasure – request deletion of your data ("right to be forgotten")
• Data portability – download your financial data (available via Sun's export feature)
• Object – object to processing in certain circumstances
• Withdraw consent – uninstall the app at any time through Shopify

To exercise any of these rights, please contact us at the details below.

8. Legal Basis for Processing

Our legal basis for processing your data under UK GDPR is the performance of our contract with you (i.e., providing the Service you have installed). For certain processing activities, we may also rely on legitimate interests (such as improving and securing the Service).

9. International Data Transfers

Your data may be processed in the United States where our infrastructure providers operate. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses approved by the UK Information Commissioner's Office (ICO) and reliance on adequacy decisions where applicable.

10. Cookies

Sunforce operates within the Shopify admin and does not use cookies on the landing page beyond essential session cookies required for authentication. We do not use advertising or tracking cookies.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes through the app or via the email associated with your Shopify account. Continued use of the Service after changes constitutes acceptance.

12. Contact & Complaints

For privacy-related questions, data requests, or concerns:

Email: support@sunforce.finance
Website: https://sunforce.finance

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

13. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.