Privacy Policy
Last updated: May 13, 2026
1. Information We Collect
ShopCommand collects several categories of information in connection with your use of the Service:
Account Information
When you register for an account, we collect information you provide directly, including your name, email address, phone number, and business name. This information is used to create and manage your account and to communicate with you about the Service.
Shop Data
As you use ShopCommand to manage your business, we store data you enter or that is generated through your use of the platform. This includes repair orders, technician records and clock-in history, customer names and phone numbers, vehicle information, parts and inventory records, and revenue data. This data is collected and stored on your behalf — ShopCommand acts as a data processor for this category of information, and you remain the data controller.
Usage Data
We automatically collect certain information about how you interact with the Service, including pages and features you visit, timestamps of activity, browser type and version, device type, IP address, and referral source. This data is used to understand how the platform is used, to detect and prevent abuse, and to improve the product.
Payment Information
Subscription payments are processed by Stripe, Inc. ShopCommand does not store your full credit card number, CVV, or other sensitive payment card data on its servers. We may retain the last four digits of your card, expiration date, billing name, and billing address for account management and customer service purposes.
2. How We Use Your Information
ShopCommand uses the information we collect for the following purposes:
- Delivering the Service: Processing repair orders, displaying shop performance data, enabling technician management, and all other core platform functionality.
- Transactional SMS: Sending SMS messages to your customers on your behalf via Twilio, Inc., based on triggers you configure (e.g., repair order status updates, appointment reminders).
- Customer support: Responding to your questions, investigating issues, and resolving disputes.
- Product improvements: Analyzing usage patterns to identify areas for improvement, develop new features, and fix bugs.
- Product updates and communications: Sending you information about new features, important platform changes, and company announcements. You may opt out of non-transactional marketing emails at any time by clicking "Unsubscribe" in any such email.
- Security and fraud prevention: Detecting, investigating, and preventing fraudulent transactions, unauthorized access, and other abuse.
- Legal compliance: Meeting our obligations under applicable law, including responding to valid legal process.
3. How We Share Your Information
ShopCommand does not sell your personal information or your Customer Data to third parties. We share information only in the following limited circumstances:
Twilio Inc.
SMS delivery sub-processor. Receives customer phone numbers and message content as needed to deliver SMS messages you initiate through the platform.
Vercel Inc.
Cloud hosting and infrastructure provider. Hosts the ShopCommand application and associated data storage infrastructure.
Stripe Inc.
Payment processing. Handles subscription billing and receives payment card information on ShopCommand's behalf.
We may also share information with law enforcement or other government authorities when required by a valid legal order, subpoena, or applicable law. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.
4. Data Retention
We retain your account and Customer Data for as long as your subscription is active. After you cancel your subscription, your data remains available within the platform for 30 days to allow you to export it. Following that 30-day window, your Customer Data is permanently deleted within 90 days of your subscription end date.
We may retain certain account-level and usage information for a longer period as required for legal compliance, audit purposes, or to resolve disputes.
5. Security
ShopCommand takes the security of your data seriously. We implement the following measures to protect your information:
- All data is encrypted in transit using TLS (Transport Layer Security).
- Data at rest is encrypted using AES-256 encryption.
- Access to production systems is restricted to authorized personnel only, using role-based access controls and multi-factor authentication.
- We conduct regular security reviews and vulnerability assessments.
- In the event of a data breach affecting your information, we will notify you within 72 hours of becoming aware of the breach, as required by applicable law.
While we implement robust security measures, no system is completely immune to security threats. You are responsible for maintaining the security of your account credentials and for notifying us promptly of any suspected unauthorized access.
6. Your Rights
Depending on where you are located, you may have certain rights regarding your personal information:
California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information; and the right to opt out of the sale of your personal information. ShopCommand does not sell personal information. To exercise your rights, contact us at privacy@shopcommand.io.
EU/EEA Residents (GDPR)
If you are located in the European Union or European Economic Area, you have the right to access personal information we hold about you; the right to rectification of inaccurate data; the right to erasure ("right to be forgotten"); the right to data portability; and the right to object to processing. To exercise any of these rights, contact us at privacy@shopcommand.io. We will respond to your request within 30 days.
You may also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your information in accordance with applicable law.
7. Cookies
ShopCommand uses cookies and similar tracking technologies to operate the Service and improve your experience. We use two categories of cookies:
- Essential cookies: Required for core functionality such as keeping you logged in, maintaining your session, and securing your account. These cannot be disabled without disrupting your use of the Service.
- Analytics cookies: Used to understand how users interact with the platform so we can improve it. These are optional and can be declined via the cookie consent banner displayed on your first visit.
Your cookie preferences are stored locally in your browser. You can change your preference at any time by clearing your browser's local storage or by contacting us.
8. Children's Privacy
The Service is designed for use by businesses and is not directed at children under the age of 13. ShopCommand does not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected information from a child under 13, we will take prompt steps to delete that information. If you believe we may have collected such information, please contact us at privacy@shopcommand.io.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. For material changes — such as changes to how we use or share personal information — we will notify you by email to the address associated with your account at least 14 days before the changes take effect.
The current version of this Privacy Policy is always available at shopcommand.io/privacy. Your continued use of the Service after any changes take effect constitutes your acceptance of the updated policy.
10. Contact
For questions about this Privacy Policy or to exercise your data rights, contact our privacy team at:
privacy@shopcommand.io
ShopCommand, Inc.
Houston, Texas