Privacy Policy
Last updated: June 24, 2026
1. Introduction
Vensa (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information across the Vensa suite of applications.
The Vensa suite includes multiple Shopify apps — such as Vensa: AI Virtual Try-On, Vensa: AI Product Photos, Vensa: AI Complete the Look, and Vensa: Color Swatch & Variants — as well as our plugins and extensions for other platforms (collectively, “the Services”). This single policy applies to all Vensa apps. Not every app collects every category of data described below; the data an app actually processes depends on the features it offers. Where a practice applies only to specific apps, we say so.
By installing and using any Vensa app, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Merchant Information
When you install a Vensa app or create an account, we may collect:
- Store domain and name
- Store owner name and email address
- Catalog data needed for the app to function (e.g., product titles, images, IDs, variants, options, and inventory status)
- Platform-specific access credentials (Shopify access tokens, or license keys for our other-platform plugins)
- Billing and subscription information for paid plans, processed by our payment providers (some Vensa apps are free and involve no billing)
2.2 Customer Information
Depending on the app and the features the merchant enables, when shoppers interact with a Vensa app on your storefront we may collect:
- Uploaded images: Shopper-uploaded photos, used solely to generate a result for image-based features (applies only to apps that offer such features, e.g., AI Virtual Try-On)
- Analytics data: Storefront interactions such as widget opens, feature usage, and add-to-cart events (only for apps that record analytics)
- Session identifiers: Anonymous session IDs and similar signals used for rate limiting and abuse prevention
- Customer ID: Platform customer ID (if the shopper is logged in) for per-customer usage limits
2.3 Automatically Collected Information
- Browser type and version
- Device type (desktop/mobile)
- IP address (for rate limiting and abuse prevention only)
- Timestamps of interactions
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide the Services: Operate the features of each app you install
- Analytics: Provide merchants with usage and conversion insights (where applicable)
- Billing: Track usage quotas and manage subscriptions and licenses for paid plans
- Abuse Prevention: Rate limiting and preventing fraudulent usage
- Improvement: Improve our service quality and user experience
- Support: Respond to merchant support requests
- Transactional Emails: Send receipts, license keys, update notifications, and security alerts
4. Image & Photo Data Handling
This section applies only to Vensa apps with image-based features (such as AI Virtual Try-On and AI Product Photos). Apps that do not process shopper photos — for example, Vensa: Color Swatch & Variants — do not collect any of the data in this section. Where shopper photos are processed, we take special care, as they may constitute biometric data under certain jurisdictions:
- Temporary storage only: Uploaded photos are stored encrypted at rest (AES-256) and are automatically deleted within 24 hours
- Processing: Photos are sent to our AI processing provider solely to generate the requested result image
- No training: Customer photos are never used to train, fine-tune, or improve AI models
- No sharing: Photos are never sold, shared, or disclosed to third parties beyond our processing infrastructure
- No biometric extraction: We do not extract, store, or create biometric templates or identifiers from photos. No facial recognition is performed.
- Deletion: Customers can request immediate deletion of their data by contacting the merchant or us directly
5. Third-Party Services
We use the following third-party services to operate the Vensa suite. Not every service is used by every app; for example, AI processing providers are used only by our AI apps.
- Google Cloud / Vertex AI: AI image processing for our AI apps (subject to Google Cloud Privacy Notice)
- Cloudflare R2: Temporary image storage (subject to Cloudflare Privacy Policy)
- Shopify: E-commerce platform for Shopify merchants (subject to Shopify Privacy Policy)
- PayPal: Payment processing for paid licenses (subject to PayPal Privacy Policy)
- Resend: Transactional email delivery (receipts, license keys, notifications)
- Neon: Database hosting for account data, analytics, and license records
6. Data Retention
Retention periods vary by app and data type. Apps that do not collect a given data type have nothing to retain for it.
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Uploaded photos | 24 hours | Automatic deletion from R2 |
| Generated result images | 24 hours | Automatic deletion from R2 |
| Job / usage records | Duration of subscription | Deleted on uninstall/cancellation + 90 days |
| Analytics events | Duration of subscription | Deleted on uninstall/cancellation + 90 days |
| Merchant account data | Subscription + 90 days | Manual or automatic purge |
| License keys (paid plans) | License duration + 90 days | Automatic purge |
7. Data Security
We implement appropriate security measures to protect your data:
- All data transfer is encrypted using TLS/HTTPS
- Image storage uses encrypted-at-rest storage (AES-256 on Cloudflare R2)
- Shopify API endpoints are protected with HMAC signature verification
- Other-platform endpoints use license key verification
- Per-customer and per-IP rate limiting prevents abuse
- Image uploads use time-limited presigned URLs (expiring in minutes)
- Admin dashboard uses hashed passwords with account lockout
- No persistent long-term storage of sensitive photo data
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you
- Rectification: Request correction of inaccurate data
- Deletion: Request deletion of your personal data (“right to be forgotten”)
- Portability: Request a machine-readable copy of your data
- Objection: Object to certain types of data processing
- Restriction: Request restriction of data processing
To exercise any of these rights, please contact us at vensa.app@gmail.com. We will respond within 30 days.
9. GDPR Compliance (EU/EEA Users)
For users in the European Economic Area (EEA), we process personal data under the following legal bases:
- Contract: Processing necessary to provide our service to you
- Legitimate Interest: Analytics, abuse prevention, and service improvement
- Consent: Shopper photo processing (implied consent when the shopper voluntarily uploads a photo to use an image-based feature)
For more details on our GDPR compliance, sub-processors, and data processing activities, see our Data Policy.
10. CCPA Compliance (California Users)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information
- Right to non-discrimination for exercising your CCPA rights
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
11. Children's Privacy
Our Services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us at vensa.app@gmail.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or through the app dashboard at least 30 days before they take effect. Continued use of the Services after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: vensa.app@gmail.com
- Website: Contact Page