Privacy Policy

Sherpa gives online stores visibility into the AI agents that browse, compare, and buy on their behalf. This policy explains what we collect, why, and the choices you have. It applies to our website, the free report, and the Sherpa app for Shopify.

In this policy, Sherpa, we, and us refer to the operator of Sherpa. If you have questions, contact us at privacy@getsherpa.app.

We keep collection deliberately narrow.

• Account details. Your email address, used to sign you in and send your reports. If you sign in with Google, we receive your email and basic profile from Google.
• Stores you scan. The store URL you submit and the publicly observable results of the scan (such as robots.txt, page markup, and structured data). This is public information about a website, not personal data.
• Agent traffic signals (Sherpa app). When the app is installed, we record technical signals about requests to your store, such as user agent, network source, and request behavior, to tell real AI agents from impersonators. We do not collect your shoppers' names, payment details, or the contents of their carts.
• Product usage. Basic logs needed to run and secure the service.

• We do not sell individual store data to anyone.
• We do not capture your customers' prompts or conversations. Our AI Visibility feature asks AI models questions through their APIs. It never reads what your shoppers type.
• We do not fabricate data. Where a signal cannot be verified, we say so rather than guess.

We use the data above to:

• provide your reports, detection, and recommendations;
• send transactional email (your sign-in code and report links);
• with your consent, send product updates you can unsubscribe from at any time;
• secure, debug, and improve the service.

We share data only with providers that help us run Sherpa, under their own security and privacy commitments.

• Supabase — database and authentication.
• Resend — transactional email delivery.
• Anthropic — the AI model queried for the visibility feature.
• Vercel — website and application hosting.
• Google — optional sign-in, if you choose it.
• Shopify — when you install the Sherpa app on your store.

Data is encrypted in transit. Stored data is access-controlled with row-level security, and the keys that bypass those controls live only on our servers, never in your browser. We keep data for as long as your account is active or as needed to provide the service, then delete or anonymize it.

Depending on where you live, you may have rights to access, correct, export, or delete your data, and to object to certain processing. You can unsubscribe from product email at any time using the link in the email. To make a request, email privacy@getsherpa.app and we will respond within the time required by applicable law. We comply with GDPR and CCPA where they apply.

We use your browser's local storage to keep you signed in. We do not use advertising cookies or sell tracking data.

We may update this policy as the product evolves. Material changes will be reflected by the date above. Questions or requests go to privacy@getsherpa.app.