Privacy Policy
ShopDoc ("we", "our") respects your privacy. This policy explains what data we collect, why, and how we protect it.
1. Data We Collect
| Data | When | Why |
|---|---|---|
| Email address | When you sign in | Account identification, sending sign-in links, payment receipts |
| Chat messages | When you use the diagnostic chat | Providing the diagnosis, session history |
| Uploaded photos | When you attach an image | Part identification; images are sent to the AI model and not stored permanently |
| Vehicle info | When you enter year/make/model | More accurate diagnosis |
| Payment info | At checkout | Processed by Stripe; we never see or store your card number |
| IP address | On each request | Rate limiting and abuse prevention only; not stored long-term |
2. How We Use Your Data
- To provide and improve the diagnostic service
- To maintain your account and session history
- To process payments and manage subscriptions
- To send transactional emails (sign-in links, receipts)
- To prevent abuse and enforce rate limits
We do not sell your data. We do not send marketing emails. We do not serve ads.
3. Third-Party Services
We use the following services to operate ShopDoc. Each has its own privacy policy:
Anthropic (Claude AI)
Your chat messages and uploaded photos are sent to Anthropic's Claude API to generate diagnostic responses. Anthropic's API usage policy states that API inputs are not used to train their models.
Stripe
Payment processing is handled entirely by Stripe. We receive confirmation of payment status but never see your full card number. See Stripe's privacy policy at stripe.com/privacy.
Resend
Sign-in emails are sent through Resend. They receive your email address for the purpose of delivering the sign-in link.
Upstash (Redis)
Session data, account info, and chat history are stored in Upstash Redis. Data is encrypted in transit and at rest.
Vercel
The application is hosted on Vercel. Vercel may collect basic analytics data (page views, performance metrics). See Vercel's privacy policy at vercel.com/legal/privacy-policy.
4. Data Retention
- Active chat sessions expire after 48 hours
- Session history (archived conversations) is retained for 90 days, then automatically deleted
- Account data is retained as long as your account exists
- Uploaded images are sent directly to the AI model and are not stored on our servers
5. Your Rights
You may request to:
- Access the data we hold about you
- Delete your account and all associated data
- Export your session history
To exercise any of these rights, email projectbox3964@gmail.com.
6. Cookies
ShopDoc uses a single session cookie (sd_session) to keep you signed in. We do not use tracking cookies, advertising cookies, or third-party cookies. The session cookie is HttpOnly, Secure, and expires after 30 days.
7. Security
All data is transmitted over HTTPS. Session tokens are generated using cryptographically secure random bytes. Passwords are not used — authentication is via one-time email links. Payment data is handled entirely by Stripe's PCI-compliant infrastructure.
8. Children
ShopDoc is not intended for use by individuals under 13 years of age. We do not knowingly collect data from children.
9. Changes
We may update this policy as our service evolves. Material changes will be communicated via the email on your account. Continued use after changes constitutes acceptance.
10. Contact
Questions or requests? Email projectbox3964@gmail.com.