Privacy Policy

1. Introduction

Laminir ("we," "our," or "us") provides weekly commercial intelligence software for retail executive teams. Our platform ingests trading data, inventory position, and GTM context to deliver structured decision-ready briefs to retail leadership. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform at laminir.com (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly when you:

• Create an account (name, email address, company name, business size, retail category)
• Subscribe to a paid plan (billing information processed by Stripe)
• Upload business data (sales forecasts, GTM activation calendars)
• Configure your retailer profile (strategic anchors, margin targets, supplier lead times)
• Contact us for support

2.2 Business Data

The Service is designed to analyse your retail operational data. This includes:

• Sales performance and margin data pulled from your connected Shopify store via API
• Product and inventory data pulled from your connected Shopify store via API
• Weekly sales forecasts and targets uploaded via template
• GTM activation calendar data uploaded via template
• Strategic goals and commercial priorities you define during setup

This data is provided by you or accessed via your authorised Shopify connection, and is processed solely to generate intelligence outputs for your business.

2.3 Third-Party Integration Data

When you connect a third-party platform such as Shopify, we access data from that platform on your behalf using OAuth authorisation. We only access the data scopes required to provide the Service. You can revoke this access at any time through your connected platform's settings.

2.4 Automatically Collected Information

When you access the Service, we automatically collect:

• Device information (browser type, operating system, IP address)
• Usage data (pages viewed, features used, time spent)
• Cookies and similar tracking technologies
• Log data (access times, error logs)

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your business data and generate commercial intelligence briefs and agent outputs
• Process payments and prevent fraud
• Send you service updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyse usage patterns and trends to improve the platform
• Comply with legal obligations

We do NOT sell your personal information or business data to third parties.

4. AI Processing and Data Usage

Laminir uses artificial intelligence to analyse your business data and generate commercial intelligence outputs. Your data is processed by:

• Our automation pipeline running on secure infrastructure
• Third-party AI services (OpenAI API, Anthropic Claude API) under data protection agreements that prohibit use of your data for model training

Important: Your business data is used solely to provide intelligence services to you. We do not use your data to train AI models that would benefit other customers. Each customer's data remains isolated and confidential.

5. How We Share Your Information

We may share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Clerk: Authentication and user management
• Stripe: Payment processing (we do not store credit card information)
• OpenAI: AI-powered brief and agent output generation, under strict data protection terms
• Anthropic: AI-powered web search and document processing modules, under strict data protection terms
• Vercel: Hosting infrastructure
• Airtable: Data storage with encryption
• Shopify: Third-party platform from which we access your authorised data via API

5.2 Legal Requirements

We may disclose information if required by law or in response to valid requests by public authorities.

5.3 Business Transfers

If Laminir is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Data Security

We implement appropriate technical and organisational measures to protect your information:

• Data encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication with industry-standard protocols via Clerk
• Role-based access control
• Regular security monitoring
• Access controls and restricted data handling

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained while your account is active
• Business data and briefs: Retained for the duration of your subscription plus 30 days
• Backup data: Deleted within 90 days of account closure
• Legal and compliance data: Retained as required by law (typically 7 years for financial records)

Upon account deletion, we will delete or anonymise your personal information within 30 days, except where retention is required by law.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 Access and Portability

You can access and export your data — including all historical briefs — through the platform or by contacting us.

8.2 Correction

You can update your account information at any time through your account settings.

8.3 Deletion

You can request deletion of your account and data by contacting privacy@laminir.com.

8.4 Revoke Integration Access

You can revoke Laminir's access to any connected third-party platform (including Shopify) at any time through that platform's settings. Revoking access will affect our ability to automatically pull trading data.

8.5 Opt-Out

You can opt out of marketing communications by following unsubscribe links in emails or adjusting your account settings.

8.6 Do Not Sell

We do not sell personal information. If you are a California resident, you have the right to opt out of the sale of personal information — but this right does not apply as we do not engage in such sales.

9. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you signed in
• Remember your preferences
• Understand how you use the Service
• Improve performance and security

You can control cookies through your browser settings. Note that disabling cookies may affect your ability to use certain features of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for data transfers
• Service provider certifications and compliance

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

14. Additional Rights by Jurisdiction

14.1 Australian Users

Under the Australian Privacy Principles (APPs), you have the right to access and correct your personal information, and to complain about privacy breaches to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

14.2 European Economic Area (EEA) Users

Under GDPR, you have additional rights including the right to lodge a complaint with a supervisory authority in your member state.

14.3 California Residents

Under CCPA, you have the right to request disclosure of information we collect and how we use it, and the right to request deletion of your personal information.