Privacy Policy

Last Updated: March 2, 2026

Learn how Shiro collects, uses, and protects your personal information.

Introduction

Shiro ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Shopify theme licensing platform and AI-powered image processing services.

By accessing or using Shiro, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with these terms, please discontinue use of our services immediately.

Information We Collect

Personal Information You Provide

When you create an account, purchase a license, or use our services, we collect:

Account Information: Email address, password (encrypted), full name
Store Information: Shopify store domain, store URL
Billing Information: Processed securely through Stripe (we do not store complete payment card details)
License Information: License keys, domain associations, activation dates
Support Communications: Messages, feedback, and correspondence

Automatically Collected Information

When you use our platform, we automatically collect:

Usage Data: Pages visited, features used, time spent, click patterns
Device Information: Browser type, operating system, device identifiers
IP Address: For security, fraud prevention, and analytics
Cookies: Session management, authentication, and analytics

Image Data

When you use our AI image processing tools:

Uploaded Images: Product photos for processing
Processed Images: AI-generated results stored in your library
Metadata: Filenames, file sizes, timestamps, tool types

How We Use Your Information

Service Delivery

Create and manage your account
Process license purchases and validate installations
Provide AI image processing services
Store and manage your image library
Track credit usage and billing cycles

Payment Processing

Process payments through Stripe
Manage subscriptions via Autumn
Generate invoices and transaction records
Handle refunds and disputes

Communication

Send transactional emails (confirmations, license keys)
Provide customer support
Send service updates and security notifications
Notify about credit renewals and low balances

Security & Fraud Prevention

Detect and prevent fraudulent transactions
Validate license authenticity
Maintain security audit logs
Enforce Terms of Service

Third-Party Service Providers

To provide our services, we work with trusted third-party service providers who process data on our behalf. These providers are contractually obligated to protect your information and use it only for specified purposes.

Cloud Infrastructure & Hosting Providers

We use cloud infrastructure providers for application hosting, content delivery, database services, authentication, and secure file storage. These providers operate data centers in multiple regions to ensure reliability and performance.

Data Shared: Account information, usage data, uploaded images, authentication tokens

Payment Processors

We use PCI-DSS compliant payment processors to handle all payment transactions and subscription management. We never store complete payment card details on our servers — all card data is tokenized and processed by our payment provider.

Data Shared: Billing information, transaction amounts, customer identifiers

Billing & Usage Tracking Services

We use specialized billing infrastructure to manage usage-based billing, credit tracking, and subscription lifecycle management. This enables us to accurately track your image processing credits and billing cycles.

Data Shared: User identifiers, feature usage data, credit consumption metrics

AI Image Processing Services

We use third-party AI services to power our image editing tools, including background removal, scene generation, and garment processing. Images are processed via secure APIs and are not permanently stored by these providers beyond the processing duration.

Data Shared: Product images you upload for processing

Security & Encryption Services

We use specialized security services for encrypted storage of sensitive data such as license keys and authentication credentials. All sensitive information is encrypted at rest using industry-standard encryption.

Data Shared: Encrypted license keys, authentication tokens, sensitive credentials

Email & Communication Services

We use email service providers to send transactional emails (purchase confirmations, license keys, password resets) and service notifications. These providers do not use your email address for their own marketing purposes.

Data Shared: Email addresses, message content, delivery status

For a complete list of our sub-processors and their locations, please contact us at privacy@useshiro.com.

Data Security

We implement industry-standard security measures:

Encryption: TLS/SSL for data in transit

Secure Storage: Sensitive data encrypted at rest using Supabase Vault

Access Controls: Strict limits on who can view or modify data

Regular Audits: Security assessments and vulnerability testing

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information as follows:

Account Data: While active + 90 days after deletion
License Records: Indefinitely (fraud prevention)
Transaction Records: 7 years (financial regulations)
Image Library: Until you delete or close account
Usage Logs: 90 days

Your Privacy Rights

Depending on your location, you may have the following rights:

Access & Portability: Request a copy of your data in machine-readable format

Correction: Update inaccurate or incomplete information

Deletion: Request deletion of your personal information

Restriction: Limit how we use your information

Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at support@useshiro.com. We will respond within 30 days.

Cookies & Tracking

We use cookies for:

Essential: Authentication, security, core functionality
Analytics: Understanding user interactions
Preferences: Remembering your settings

You can control cookies through browser settings. Disabling essential cookies may prevent certain features from working.

International Data Transfers

Shiro operates globally and may transfer your information to servers in different countries, including the United States. By using our services, you consent to these transfers. We ensure appropriate safeguards are in place to protect your information.

Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect information from children. If you believe we have inadvertently collected such information, contact us immediately.

California Privacy Rights (CCPA)

California residents have additional rights:

Right to Know: Request disclosure of collected information
Right to Delete: Request deletion of personal information
Right to Opt-Out: We do not sell personal information
Right to Non-Discrimination: Exercise rights without penalty

Contact support@useshiro.com to exercise these rights.

Changes to This Policy

We may update this policy periodically. We will notify you of material changes by:

Posting the updated policy with a new "Last Updated" date
Sending email notification
Displaying a prominent notice on our platform

Your continued use after changes constitutes acceptance of the updated policy.

Contact Information

General Inquiries

support@useshiro.com

Monday - Saturday, 9:00 AM - 5:00 PM EST

GDPR-Specific Inquiries

privacy@useshiro.com

Mailing Address

Available upon request

We will respond to all inquiries within 30 days.

This Privacy Policy is effective as of March 2, 2026 and applies to all users of the Shiro platform and services.