Sigil
Home

Privacy Policy

Last updated: March 12, 2026

1. Introduction

Sigil ("we", "us", or "our") operates a commerce platform that helps merchants make their products discoverable to AI shopping agents and provides promotional intelligence. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using Sigil, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you sign up for Sigil, we collect your name, email address, store domain, and store identifier. This information is necessary to create and manage your account.

2.2 Store and Product Data

To provide the Service, we access and process data from your store, including product titles, descriptions, images, pricing, variants, inventory levels, and product handles. This data is used to structure your products for AI discoverability and generate promotional recommendations.

2.3 Sales and Transaction Data

We collect historical sales data, checkout session information (including line items, totals, discounts, and currency), promotional performance metrics, and revenue attribution data. This data is used to calculate fees, optimize promotions, and improve the Service.

2.4 Technical Data

We automatically collect session tokens, authentication credentials, timestamps, IP addresses, browser type, and device information when you interact with the Service.

3. How We Use Your Information

  • Provide the Service: Structure product data, generate promotions, enable AI agent discoverability, and process recipes
  • Calculate and collect fees: Track attributed sales and calculate the 2.5% revenue share
  • Improve and optimize: Analyze usage patterns and sales data to improve promotional algorithms and product recommendations
  • Communicate: Send account-related notifications, billing information, and service updates
  • Legal and compliance: Comply with applicable laws, prevent fraud, and enforce our Terms of Service

4. How We Share Your Information

We do not sell your personal data. We may share data with:

  • Payment processors: As required to process payments, including through Stripe’s APIs and billing systems
  • Service providers: Third-party vendors who assist with hosting, analytics, payment processing, and customer support, bound by confidentiality obligations
  • AI agents: Product data that you choose to make discoverable through the Service is made available to AI shopping agents via structured markup and commerce protocols — this is a core function of the Service
  • Legal requirements: When required by law, legal process, or to protect the rights and safety of Sigil, our users, or the public

5. Data Retention

We retain your account and store data for as long as your account is active or as needed to provide the Service. Sales and transaction data used for fee calculation is retained for a minimum of 24 months for auditing and dispute resolution purposes.

When you uninstall Sigil or request account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving outstanding invoices).

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data for certain purposes
  • Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at info@trysigil.io. We will respond within 30 days.

8. GDPR (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service and fulfill our obligations under the Terms of Service
  • Legitimate interests: Improving the Service, fraud prevention, and analytics, where these interests are not overridden by your rights
  • Consent: Where required by law, such as for marketing communications

Data may be transferred outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. CCPA (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect and how it is used
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell personal information
  • The right to non-discrimination for exercising your privacy rights

10. Cookies and Tracking

We use essential cookies and session tokens required for the Service to function. We do not use third-party advertising cookies. Analytics cookies, if used, are limited to understanding Service usage and performance.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at info@trysigil.io or call +1 (323) 973-3437.