Privacy Policy

1. Who We Are

ACOPES AI operates the website acopesai.com and the TagFlow Chrome browser extension. Our contact email is hello@acopesai.com. When this policy says "we," "us," or "our," it refers to ACOPES AI.

We are committed to protecting your personal data and being transparent about how we use it. This policy explains what data we collect, why we collect it, how long we keep it, and what rights you have.

2. Products This Policy Covers

This Privacy Policy applies to:

• ACOPES AI platform — an AI-powered Etsy listing optimization tool accessible at acopesai.com
• TagFlow Chrome extension — an Etsy tag research and competition analysis tool with a subscription model (Free, Premium, Power Seller plans)

3. Information We Collect

Account data: When you create an account or sign up for TagFlow, we collect your email address and a hashed (non-reversible) password. We do not store your password in plain text.

Usage data: We collect information about how you use our services, including analysis counts, plan tier, daily credit usage, timestamps of activity, and feature interactions. This data is used to enforce plan limits and improve the product.

Technical data: We may collect your IP address, browser type, operating system, and device identifiers for security, abuse prevention, and diagnostic purposes.

Communications: If you contact us by email, we retain that correspondence to respond and improve support.

Payment data: We do not collect or store your payment card details. All billing is handled by Paddle.com, our authorised payment processor. See Section 4 for details.

4. Payment & Billing (Paddle)

Subscription payments for TagFlow Premium and Power Seller plans are processed by Paddle.com, Inc. ("Paddle"), a third-party payment service provider. When you subscribe, you are redirected to a Paddle-hosted checkout page.

Paddle acts as a Merchant of Record for our transactions. This means Paddle is responsible for collecting payment, issuing receipts, handling VAT/tax obligations, and processing refunds on our behalf.

The data you provide during checkout (card details, billing address, name) is collected and processed by Paddle under Paddle's Privacy Policy. We receive only a customer identifier and subscription status confirmation from Paddle — not your card number or sensitive payment details.

5. How We Use Your Data

We use the data we collect to:

• Create and manage your account
• Provide, operate, and improve the ACOPES AI platform and TagFlow extension
• Enforce plan limits and track daily credit usage
• Process subscription status received from Paddle
• Send transactional emails (account confirmation, billing notifications)
• Detect and prevent fraud, abuse, and unauthorised access
• Respond to support requests and enquiries
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising networks or behavioural profiling.

6. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Turkey, our legal bases for processing your personal data are:

• Contract performance: Processing necessary to provide the services you signed up for (account management, credit tracking, subscription management).
• Legitimate interests: Security monitoring, fraud prevention, product analytics, and improving our services — where these interests are not overridden by your rights.
• Legal obligation: Where we must retain or share data to comply with applicable law.
• Consent: For any optional data collection or marketing communications, where we have asked for and received your consent.

7. Data Sharing & Third Parties

We share your data only as necessary to operate our services:

• Paddle.com — payment processing and subscription management (Merchant of Record)
• Anthropic (Claude API) — AI analysis requests made through TagFlow are sent to Anthropic's API. Prompts may include Etsy tag data you submit. Anthropic's Privacy Policy governs their data handling.
• Railway / Vercel — infrastructure and hosting providers who process data under our instructions
• Legal authorities — where required by law or to protect rights and safety

We do not share your data with advertisers, data brokers, or unrelated third parties.

8. Cookies & Tracking

The ACOPES AI website may use essential cookies to maintain session state and ensure the site functions correctly. We do not currently use third-party advertising cookies or cross-site tracking.

The TagFlow Chrome extension uses chrome.storage.local to store your authentication token and session data locally on your device. This data does not leave your browser except when sent to our API for authentication.

If we introduce analytics or marketing cookies in the future, we will update this policy and provide an appropriate consent mechanism.

9. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by applicable law (for example, billing records required for tax purposes, which Paddle retains under their own policies).

Usage logs and anonymised analytics may be retained for up to 12 months for product improvement purposes.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure ("right to be forgotten"): Request deletion of your data where we have no legitimate reason to continue processing it
• Restriction: Request that we restrict processing of your data in certain circumstances
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at hello@acopesai.com. We will respond within 30 days. If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.

11. Security

We use industry-standard measures to protect your data, including HTTPS encryption in transit, hashed password storage (PBKDF2), and access controls on our systems. No system is perfectly secure; we encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorised access to your account.

12. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

13. International Transfers

Our services are hosted on infrastructure that may be located in the United States or other countries. If you are accessing our services from the EEA or UK, your data may be transferred to and processed in countries that may not provide the same level of data protection as your home country. We rely on standard contractual clauses and Paddle's data processing agreements to safeguard such transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of our services after any update constitutes acceptance of the revised policy. We encourage you to review this page periodically.

15. Contact

For privacy-related questions, data access requests, or deletion requests, contact us at:

Email: hello@acopesai.com
Website: acopesai.com