Privacy Policy
Effective Date: April 7, 2026 · Last Updated: April 7, 2026
Supply Pilot AI is a product of Shannon Analytics LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, and protect your information when you use Supply Pilot AI.
1. Information We Collect
We collect information in three categories:
Account Information
When you create an account, we collect your email address and a hashed version of your password (managed by Supabase Auth). During onboarding, we collect your business name and business type (e.g., retail, bakery, restaurant, e-commerce, wholesale).
Business Data
You may upload product catalogs (product name, SKU, category, unit cost, selling price, lead time, and other inventory parameters) and sales/demand history via CSV files. We also store forecast results, inventory policy calculations, and ABC analysis snapshots generated from your data.
Automatically Collected Information
We use essential session cookies (Supabase auth tokens) to keep you signed in. Our hosting provider (Vercel) may collect basic request metadata such as IP addresses and request logs. We do not use third-party analytics, advertising cookies, or tracking pixels.
2. How We Use Your Data
- Provide our service: Generate demand forecasts, ordering recommendations, ABC classification, and inventory optimization based on the data you upload.
- Process payments: If you subscribe to a paid plan, your email and payment method are shared with Stripe to process transactions. We never store your credit card number directly.
- Improve our algorithms: We may use anonymized, aggregated patterns across all users to improve our forecasting models. No individual business data is ever shared with other users.
- AI chat features: If you use AI chat (Business tier), relevant business context from your account may be sent to an external AI provider (e.g., OpenAI) to generate responses. These providers do not retain your data for their own model training.
- Communications: We send transactional emails related to your account (e.g., password resets, billing confirmations, alerts). You may also receive product updates, which you can opt out of at any time.
3. Third-Party Services
We share data with the following service providers to operate Supply Pilot AI:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database | Account info, all business data |
| Stripe | Payment processing | Email, payment method |
| Vercel | Hosting | Request logs, IP addresses |
| External AI Provider | AI chat (Business tier) | Business context per query |
4. Cookies
We only use essential cookies — specifically, Supabase authentication session tokens that keep you signed in. We do not use advertising cookies, third-party tracking cookies, or analytics cookies.
5. Data Retention & Deletion
- Active accounts: Your data is retained for as long as your account is active.
- Account deletion: When you delete your account, personal information (email, business name) is removed immediately. Business data (uploaded CSVs, forecasts, inventory policies) is retained for 30 days in case you wish to reactivate, then permanently deleted.
- Aggregated data: Anonymized and aggregated data (which cannot identify you or your business) may be retained indefinitely to improve our forecasting algorithms.
6. Your Rights (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:
- Right to know: You can request details about the personal information we collect and how we use it.
- Right to delete: You can request that we delete your personal information.
- Right to opt out: You can opt out of the sale of personal information. We do not sell your personal data.
- Right to non-discrimination: We will not treat you differently for exercising your privacy rights.
To exercise any of these rights, contact us at supplypilotai@gmail.com.
7. Security
We take reasonable measures to protect your data. All data is encrypted in transit via HTTPS/TLS. Our database uses row-level security so that users can only access their own data. Passwords are hashed by Supabase Auth and are never stored in plaintext. We also configure security headers including X-Frame-Options, X-Content-Type-Options, and X-XSS-Protection.
8. Children's Privacy
Supply Pilot AI is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email. Your continued use of Supply Pilot AI after receiving notice constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or your data, contact Shannon Analytics LLC at supplypilotai@gmail.com.