Privacy Policy

Introduction

Welcome to Shoreline Studio ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at shorelinestudio.ca and our AI-powered content generation services (collectively, the "Service").

This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

We collect several types of information from and about users of our Service.

1.1 Personal Information You Provide

When you register for an account or use our Service, we collect:

• Account Information: Email address, password (encrypted), name
• Business Information: Business name, street address, city, province/state, country, postal code, business category, business niche
• Payment Information: If you purchase credits, payment details are processed by our third-party payment processor (Stripe). We do not store full credit card numbers on our servers
• User Content: Social media posts you generate, images you create, photos you upload for brand discovery
• Communication Data: Messages you send to our support team

1.2 Information Automatically Collected

When you access our Service, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent on pages, clicks, post generation frequency
• Cookies and Similar Technologies: We use cookies to maintain your session and improve user experience (see Section 9)

1.3 Information From Third Parties

We receive information from:

• Authentication Provider (Clerk): User ID, email address, authentication status
• AI Service Providers: When you use our content generation features, we send your business information to Anthropic (Claude), Google (Gemini), Groq, and OpenRouter to generate content. These providers process your data according to their own privacy policies but do not retain your data after processing.

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Improve the Service

• Create and manage your account
• Generate AI-powered social media content based on your business profile
• Perform brand discovery analysis (visual and text-based)
• Process credit purchases and manage your account balance
• Store your generated posts and images in your content library
• Provide customer support and respond to your inquiries

2.2 Communicate With You

• Send service-related emails (account verification, password resets, credit purchase confirmations)
• Notify you of important changes to our Service or policies
• Send promotional emails about new features or special offers (you can opt out at any time)

2.3 Analytics and Improvements

• Analyze usage patterns to improve our Service
• Monitor and prevent fraud, abuse, or technical issues
• Conduct research and development for new features
• Ensure compliance with our Terms of Service

2.4 Legal Compliance

• Comply with legal obligations under Canadian and international law
• Protect our rights, property, and safety, and that of our users
• Respond to legal requests from law enforcement or government authorities

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the following limited circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

Important: These service providers are contractually obligated to use your information only to provide services to us and are prohibited from using it for their own purposes.

3.2 Business Transfers

If Shoreline Studio is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government investigation).

3.4 Protection of Rights

We may disclose information to:

• Enforce our Terms of Service
• Protect the security or integrity of our Service
• Protect the rights, property, or safety of Shoreline Studio, our users, or the public

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific Retention Periods:

• Account Information: Retained while your account is active and for 30 days after account deletion (to prevent accidental data loss)
• Generated Content: Retained indefinitely unless you manually delete posts from your library
• Usage Logs: Retained for 90 days
• Payment Records: Retained for 7 years (as required by Canadian tax law)
• Support Communications: Retained for 2 years after case closure

After Deletion:

When you request account deletion, we will:

1. Immediately deactivate your account
2. Delete your personal information within 30 days
3. Retain only anonymous usage statistics that cannot identify you
4. Permanently delete all generated content, images, and business profiles

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures Include:

• Encryption: All data in transit is encrypted using TLS/SSL. Passwords are encrypted using industry-standard hashing algorithms (bcrypt).
• Access Controls: Only authorized personnel have access to personal information, and only to the extent necessary for their job functions.
• Secure Storage: Data is stored on Supabase's secure cloud infrastructure with regular backups.
• Row-Level Security: Database access is controlled via Supabase Row Level Security (RLS) policies ensuring users can only access their own data.
• Regular Security Audits: We conduct periodic security reviews and vulnerability assessments.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

6. Your Privacy Rights (Canadian Users)

Under PIPEDA and other Canadian privacy laws, you have the following rights:

6.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your data in a commonly used electronic format.

6.2 Right to Correction

You have the right to request correction of any inaccurate or incomplete personal information. You can update most information directly in your profile settings.

6.3 Right to Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., records we must retain for tax purposes).

6.4 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit that data to another service provider.

6.5 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

6.6 Right to Object

You have the right to object to our processing of your personal information for direct marketing purposes.

6.7 Right to Lodge a Complaint

If you believe we have not complied with Canadian privacy laws, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada:

• Website: https://www.priv.gc.ca
• Phone: 1-800-282-1376

To Exercise Your Rights:

Email us at contact@shorelinestudio.ca with your request. We will respond within 30 days.

7. International Data Transfers

Your information may be transferred to, and maintained on, servers located outside of Canada, including in the United States, where our service providers (Clerk, Supabase, Anthropic, Google, Vercel) operate.

Important Considerations:

• Data protection laws in the United States may differ from those in Canada
• When we transfer your personal information, we ensure appropriate safeguards are in place (e.g., contractual obligations requiring compliance with privacy standards)
• By using our Service, you consent to the transfer of your information to the United States

If you are located in the European Economic Area (EEA), we rely on Standard Contractual Clauses approved by the European Commission for data transfers.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@shorelinestudio.ca. We will delete such information from our systems within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service.

9.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They help websites remember information about your visit.

9.2 Types of Cookies We Use

9.3 Managing Cookies

You can control cookies through your browser settings:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies

Note: Disabling essential cookies may affect your ability to use certain features of our Service.

9.4 Third-Party Cookies

We currently do not use third-party cookies for advertising. If we introduce analytics tools (e.g., Google Analytics) in the future, we will update this policy and provide you with opt-out options.

10. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., social media platforms where you post your generated content).

We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. AI and Automated Decision-Making

Our Service uses AI (Anthropic Claude, Google Gemini) to generate social media content. Here's what you should know:

11.1 How AI is Used

• Content Generation: AI analyzes your business profile and generates text posts based on templates and cognitive patterns
• Image Generation: AI creates images based on your brand colors and aesthetic preferences
• Brand Discovery: AI analyzes your uploaded photos to extract visual identity and researches your business online

11.2 Human Oversight

• You have full control over what content is saved and published
• You can regenerate content if the AI output is unsatisfactory
• Our support team can review and address AI-generated content concerns

11.3 No Automated Decisions Affecting Rights

We do not use AI to make automated decisions that significantly affect your legal rights or contractual obligations.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, or shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, email contact@shorelinestudio.ca.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

13.1 Legal Basis for Processing

We process your personal information based on:

• Contractual Necessity: To provide the Service you requested
• Legitimate Interests: To improve our Service and prevent fraud
• Consent: For optional features like marketing emails

13.2 Additional GDPR Rights

• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

13.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at contact@shorelinestudio.ca.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons.

We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Response Time: We will respond to privacy inquiries within 30 days.

16. Consent

By using Shoreline Studio, you consent to:

• The collection, use, and disclosure of your personal information as described in this Privacy Policy
• The transfer of your information to service providers located outside Canada, including in the United States
• The use of cookies and tracking technologies as described in this Privacy Policy

You may withdraw your consent at any time by:

• Deleting your account (contact contact@shorelinestudio.ca)
• Opting out of marketing emails (click "unsubscribe" in any promotional email)
• Disabling cookies in your browser settings