Privacy Policy
Last updated: March 27, 2026
1. Introduction
Anlyzo (“we,” “us,” or “our”) is a unified analytics dashboard that helps digital product sellers track revenue, products, and trends across platforms like Etsy, Gumroad, and Shopify. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at anlyzo.com (the “Service”).
By using Anlyzo, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use our Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address — used for authentication (magic link sign-in), account recovery, and optional email digests
- Name — if provided via Google OAuth sign-in, used for personalization
- Profile image — if provided via Google OAuth, displayed in your dashboard
2.2 Platform Data (Etsy, Gumroad, etc.)
When you connect a selling platform, we access the following data via their official APIs with your explicit OAuth consent:
- Product information — titles, descriptions, prices, images, listing status
- Transaction data — sale amounts, fees, timestamps, refund status
- Buyer country (anonymous) — geographic region of buyers for aggregate analytics only. We do not store buyer names, email addresses, or any other personally identifiable information about your customers.
- Shop metadata — shop name, platform user ID
Important: We intentionally do not collect or store your buyers' email addresses, names, shipping addresses, or any other customer PII. This protects your customers' privacy and ensures compliance with platform terms of service.
2.3 OAuth Tokens
When you connect a platform, we receive OAuth access tokens and refresh tokens. These are encrypted with AES-256-GCM before storage and are never logged, exposed in API responses, or shared with any third party.
2.4 Payment Information
If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We never see, store, or have access to your credit card numbers, bank account details, or other payment credentials. We only store a Stripe customer ID to manage your subscription.
2.5 Usage Data
We may collect anonymous usage data such as pages visited, features used, and error logs to improve the Service. This data does not personally identify you.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Display your unified dashboard with revenue, products, and trends
- Generate AI-powered weekly business insights (using anonymized, aggregated data only)
- Send daily revenue digests and alert notifications
- Process billing and manage your subscription
- Respond to support requests
- Detect and prevent fraud, abuse, or violations of our terms
4. Data Sharing and Third Parties
We do not sell, rent, or trade your personal information. We share data only with the following third-party services, strictly for the purposes described:
| Service | Purpose | Data Shared |
|---|---|---|
| Neon | Database hosting | All stored data (encrypted at rest) |
| Upstash | Redis cache and job queue | Job metadata, cached responses |
| Stripe | Payment processing | Email, subscription plan |
| Resend | Email delivery | Email address, email content |
| Anthropic | AI insight generation | Aggregated, anonymized revenue data (no PII) |
| Vercel | Application hosting | Request logs, IP addresses |
5. Data Security
We take the security of your data seriously and implement the following measures:
- Encryption at rest — all OAuth tokens are encrypted using AES-256-GCM with unique initialization vectors per record
- Encryption in transit — all data transmitted over HTTPS/TLS
- Secure authentication — OAuth 2.0 with PKCE for platform connections, session-based auth for user accounts
- API rate limiting — prevents abuse and respects platform API limits
- Security headers — X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- No PII logging — tokens, passwords, and customer data are never written to logs
6. Data Retention
We retain your data based on your subscription plan:
- Free plan — transaction and snapshot data retained for 30 days. Older data is automatically deleted.
- Pro plan — data retained for 12 months
- Business plan — unlimited data retention
Product metadata (titles, prices) is retained as long as your account exists, regardless of plan. When you disconnect a platform, we delete all associated tokens immediately. When you delete your account, all your data is permanently removed within 30 days.
7. Your Rights
You have the right to:
- Access — request a copy of all data we store about you
- Correction — update inaccurate information in your account settings
- Deletion — delete your account and all associated data at any time
- Disconnect — revoke access to any connected platform at any time, which immediately deletes stored tokens
- Opt out — disable email digests and weekly insights in your settings
- Data portability — export your data in CSV format (Pro and Business plans)
8. Cookies and Tracking
We use the following cookies strictly for functionality:
- Session cookie — keeps you signed in (HTTP-only, secure, expires on browser close or after 30 days)
- OAuth state cookies — temporary cookies used during platform connection flows (deleted after 10 minutes)
We do not use advertising cookies, tracking pixels, or third-party analytics services that track individual users across websites.
9. AI-Generated Insights
Our weekly AI insights feature sends aggregated, anonymized revenue and product data to Anthropic's Claude API to generate business insights. Specifically:
- Only aggregate numbers are sent (total revenue, order counts, product names, platform breakdown)
- No customer PII, email addresses, or individual transaction details are sent to the AI
- Anthropic does not use your data to train their models (per their commercial API terms)
- You can disable AI insights at any time in your settings
10. Platform-Specific Compliance
Etsy
We access Etsy data through their official API v3 using OAuth 2.0 with PKCE. We request only the scopes necessary for analytics (transactions_r, listings_r, shops_r). We do not store buyer emails or personal data from Etsy transactions. We respect Etsy's API rate limits (10 requests/second) with built-in throttling and exponential backoff.
Gumroad
We access Gumroad data through their official API using OAuth 2.0. We request view_sales and view_products scopes only. We do not store buyer emails from Gumroad sales. We throttle API requests to stay within rate limits.
11. Children's Privacy
Anlyzo is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: privacy@anlyzo.com