Privacy Policy
Last updated: June 26, 2026
Bundle Brain ("Bundle Brain", "we", "us", "our") is a Shopify application operated by Bundle Brain. This policy explains what data Bundle Brain accesses, how we use and protect it, and the choices available to you. It covers both merchants who install Bundle Brain and the customers and visitors of those merchants' stores.
Contact: support@usebundlebrain.com
1. Our role
When you install Bundle Brain, you (the merchant) are the data controller for your store and customer data. Bundle Brain acts as a data processor, handling that data solely on your behalf and on your instructions to provide the service described below.
2. What data we access
Store and product data
- Your store domain and basic shop details.
- Your product catalog: product IDs, titles, product types, tags, prices, images, variant IDs, and handles.
Order data — line items only
- For each order: the order ID, the order timestamp, and its line items (product ID, product title, and quantity).
- We analyze up to 12 months of order history.
We do NOT access protected customer information. Bundle Brain requests no customer PII fields — we never read customer names, email addresses, phone numbers, shipping or billing addresses, IP addresses, or payment details. We only ever read which products appeared together on an order, and in what quantity.
Account and billing data
- Your plan, free-trial status, and subscription status, managed through Shopify's Billing API.
3. How we use your data
We use the data for a single purpose: to compute which products are frequently purchased together ("bought-together" patterns) and to generate machine-learning product bundle and upsell recommendations that appear on your store's product pages. We do not use your data for any other purpose.
4. Machine learning processing and subprocessors
To generate recommendations and the short marketing copy that accompanies them, we send product-level information only — product titles and aggregated "bought-together" counts — to Anthropic, PBC (the Claude API). This information contains no customer personal data. Anthropic processes it to return recommended product selections and copy.
We host our infrastructure on Amazon Web Services (AWS) in the US. We do not sell, rent, or trade your data, we do not use it for advertising, and we do not share it with any third parties other than the subprocessors named above (Anthropic for machine-learning processing; AWS for hosting).
5. Storage, security, and retention
- Data is stored in AWS DynamoDB, encrypted at rest. All data in transit is protected with TLS. Application secrets are stored in AWS Secrets Manager.
- Access is restricted to the application's automated service roles; there is no routine human access to your data.
- Order history is automatically deleted 12 months after each order's date via an automatic time-to-live (TTL) expiry.
- When you uninstall Bundle Brain, or upon a verified deletion request, we delete your store's data.
6. Your rights and choices
- You can uninstall Bundle Brain at any time from your Shopify admin. Uninstalling stops all further data access.
- You may request access to, or deletion of, your store's data by emailing us at the address above.
- We support Shopify's mandatory data-subject request webhooks (customer data request, customer redaction, and shop redaction) so that data-removal requests are honored.
7. Children
Bundle Brain is a business tool for merchants and is not directed at children.
8. Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the current version, and we will notify merchants of material changes.
9. Contact
Bundle Brain
Email: support@usebundlebrain.com