Legal

Privacy policy.

Effective April 25, 2026

Summary

Aisle is a scanner for commerce websites. We collect the minimum information we need to run scans, maintain your account, and prevent abuse. We do not sell personal data. Scan reports are publicly accessible at their permanent URLs.

What we collect

Account information you provide:

  • Email address (required for sign-up).
  • Password (stored only as a one-way hash via our auth provider) or OAuth identifier if you sign in with a third-party provider.
  • Optional display name or profile information.

Waitlist signups:

  • Email address you submit to join the waitlist, along with the date and source of the submission, and the URL you tried to scan (when you submitted a scan before being prompted to join). You can join the waitlist without creating an account.

Service usage:

  • URLs you submit for scanning and the scan reports they produce.
  • Scan quotas, timestamps, and rate-limit counters.
  • IP address and user-agent on API requests, used for rate limiting and abuse prevention.
  • Standard web server logs retained for a short period for debugging and security.

We do not use third-party advertising or tracking cookies. The only cookies we set are strictly necessary for authentication.

How we use it

  • To operate the scanner, return reports, and maintain your account and plan.
  • To enforce rate limits and prevent abuse.
  • To improve Aisle (for example, aggregate patterns across scans).
  • To send service-related emails (sign-in links, invite magic links, verification, account notices).
  • To send waitlist updates and occasional dispatches to people on the waitlist. Dispatches mix educational content (agent-readiness patterns, essays) with product news (rubric updates, feature announcements). Joining the waitlist is the opt-in. You can unsubscribe at any time via the link in every email or by emailing hello@aislecommerce.com.

Who we share it with

We use a small set of service providers ("subprocessors") who process data on our behalf to run the platform. Each is bound by a data-processing agreement:

  • Supabase: authentication, database, file storage.
  • Vercel: hosting and edge network.
  • Upstash: rate-limit counters.
  • Firecrawl: rendered-page fetching on behalf of Aisle.
  • OpenRouter: inference proxy for Clerk, Aisle's AI assistant. Routes requests across upstream model providers (Anthropic, AWS, Google Cloud) based on availability.
  • Stripe (when paid plans are active): payment processing and subscription management.

We do not sell or rent personal data to third parties. We may disclose data when required by law (subpoena, court order, or comparable legal process).

Public scan reports

When you run a scan, the resulting report is stored at a permanent, shareable URL (/scan/<id>). Anyone with the link can view the report. Reports do not include your account email or other account-level personal information; they describe the scanned site's publicly-available signals. If you are the operator of a scanned site and want a report removed, contact hello@aislecommerce.com.

Retention

  • Account data is retained while your account is active.
  • Scan reports are retained indefinitely so shared links remain valid, unless you request deletion.
  • Waitlist signup emails are retained until you ask us to delete them or unsubscribe.
  • Request logs are retained for up to 30 days for debugging and security.

Your rights

Depending on where you live (for example, the EU under GDPR or California under CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, email hello@aislecommerce.com from the address on file and we will respond within the timelines required by applicable law.

Security

We use TLS for data in transit, encryption at rest through our infrastructure providers, and standard access controls. No system is perfectly secure; notify us at hello@aislecommerce.com if you believe your account has been compromised.

Children

Aisle is not intended for children under 16 and we do not knowingly collect data from them. If you believe a child has submitted personal data to us, contact hello@aislecommerce.com and we will delete it.

International transfers

Our service providers operate primarily in the United States. By using Aisle you consent to the transfer and processing of your data in the US and other jurisdictions where our subprocessors operate.

Changes

We may update this policy. Material changes will be posted here with a revised effective date, and, when required, communicated by email.

Contact

Privacy questions or requests: hello@aislecommerce.com.

Privacy policy · Aisle · Aisle