Privacy Policy

Last updated: March 16, 2026

Phantom Dropship Agent ("we", "us", "our") is an autonomous AI operator for Shopify dropshipping stores. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data. By connecting your Shopify store to Phantom Dropship Agent, you agree to the practices described below.

1. Data We Collect

Shopify Store Data

When you connect your Shopify store via OAuth, we collect and store:

• Your Shopify store domain (e.g. your-store.myshopify.com)
• An OAuth access token used to read and manage your store on your behalf
• Store metadata (shop name, plan, timezone, currency)

Order Data

To power fulfillment automation and profit analysis, we access:

• Order details including line items, total price, fulfillment status, and customer notification status
• Order timestamps for velocity and trend calculations
• We do not store or log raw customer PII (names, addresses, payment info)

Product Data

• Product titles, IDs, variants, inventory quantities, and active status
• Used for dead SKU detection, trend matching, and supplier health monitoring

Billing Data

• Stripe customer ID and subscription status — stored in our database
• We never store raw card numbers or full billing addresses
• All payment processing is handled by Stripe (see stripe.com/privacy)

Agent Decision Logs

• Every autonomous action the agent takes is logged: type, message, timestamp, and shop
• These logs are the core value of the product — your competitive moat

2. How We Use Your Data

Order Fulfillment

We use your Shopify access token to automatically fulfill open orders on your behalf. Customers receive fulfillment notifications directly from Shopify. We act as your agent — we do not send emails on our own behalf to your customers.

Trend Analysis

Order velocity data and product titles are used to detect trending products (3+ orders in 24 hours) and cross-reference against TikTok trending hashtag data via third-party APIs. This analysis is used only to surface actionable insights in your dashboard.

Profit & Margin Calculations

Order revenue data is used to calculate estimated profit margins using our standard formula: revenue minus Shopify fees (2.9% + $0.30), shipping estimate ($4), and estimated product cost (30%). These calculations are displayed only to you.

AI Decision Engine

Anonymized store context (niche, best sellers, average margin) is sent to Claude (Anthropic) to generate human-readable agent action messages. We do not send customer PII to any AI provider.

Product Improvement

Aggregated, anonymized metrics (e.g. average fulfillment rates across stores) may be used to improve the product. We will never sell individual store data to third parties.

3. Data Retention

We retain your data as long as your account is active. Specifically:

• Agent logs: retained indefinitely — this is your decision history and competitive moat
• Access tokens: retained until you disconnect your store or request deletion
• Order/product data: not stored permanently — fetched live from Shopify each cycle and used in-memory only
• Billing records: retained as required for financial compliance (typically 7 years)

If you cancel your subscription, your store data and agent logs remain accessible for 30 days. After 30 days of account inactivity, data may be purged. You can request immediate deletion at any time by contacting us.

4. Data Sharing & Third Parties

We use the following third-party services to operate Phantom Dropship Agent:

• Shopify — store management and order fulfillment API (shopify.com/legal/privacy)
• Supabase — database for storing tokens, logs, and store memory (supabase.com/privacy)
• Stripe — subscription billing (stripe.com/privacy)
• Anthropic (Claude) — AI-generated action messages, anonymized store context only (anthropic.com/privacy)
• RapidAPI / TikTok Scraper — TikTok trending hashtag data, no store data shared
• Vercel — hosting and serverless infrastructure (vercel.com/legal/privacy-policy)

We do not sell, rent, or broker your data to any third party for advertising or marketing purposes.

5. Security

Your Shopify access token is stored encrypted at rest in Supabase and is never exposed in client-side code, URLs, or browser storage. All communication between our servers and Shopify uses HTTPS. Stripe webhooks are verified using HMAC signature validation. Shopify webhooks are verified using SHA-256 HMAC. We follow OWASP security best practices throughout our codebase.

6. Your Rights

You have the right to:

• Request a copy of all data we hold about your store
• Request deletion of your store data and agent logs at any time
• Disconnect your Shopify store, which immediately revokes our access token
• Opt out of AI-generated action messages (agent will use template messages instead)

7. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Phantom Dropship Agent after changes constitutes acceptance of the updated policy. For significant changes, we will notify connected store owners by email.

8. Contact

Questions, data requests, or concerns about this Privacy Policy? Contact us at:

We respond to all privacy inquiries within 48 hours.