Your data stays yours.
Podley touches your customer emails, order data, and store info. Here's exactly what that means — and what you can do about it.
We will never sell your data.
We will never use your data to train AI models — and Anthropic, our AI provider, doesn’t either.
Every third-party service that touches your data is named below.
Your customer data exists for one purpose: helping you respond to support emails.
What we touch — and what we don't
What We Access
Gmail — customer service emails
Incoming emails are scanned and classified by AI. Only CS emails are processed. Non-CS emails are filtered and permanently deleted within 30 days.
Shopify — orders, customers, draft orders, discounts
We read orders, customers, and products to build context for each support case. We can issue refunds, cancel orders, swap variants, create draft invoices, and apply compensation discounts — but only when you (or a playbook you’ve approved) trigger that action. Products, themes, and storefront code are never touched.
Print-on-demand providers (Printify, Printful, Gooten, Gelato)
We read order and fulfillment data for context. When a playbook calls for it, we can also create replacement orders. Other actions (claim filing, etc.) are prepared as text for you to submit manually.
AI provider — classification & drafting
Email text is sent to Anthropic (Claude) for classification and response generation. Anthropic does not use your data to train AI models. Standard API requests are retained for up to 30 days for abuse monitoring.
What We Never Access
Your personal email content
Non-CS emails are filtered and permanently deleted within 30 days. We never read or store personal email beyond the classification step.
Your costs, margins, or financials
We pull order details, never pricing data or revenue figures.
Your bank or payment info
All billing goes through Stripe. We never see card numbers or bank details.
Your Shopify products, themes, or storefront code
We never modify products, themes, store settings, or your storefront. Our write access is scoped strictly to support actions: refunds, order cancellations, variant swaps, customer tags, draft invoices, and compensation discounts.
Your data for AI training
Neither we nor our AI provider (Anthropic) use your data to train models.
How AI processes your data
Every email goes through a clear pipeline. Here's exactly what happens at each step.
Email arrives
A new email arrives in your Gmail inbox. Podley scans it to determine if it's a customer service message.
Emails are classified by AI. Non-CS emails are filtered out and deleted within 30 days. Podley only applies labels and archives resolved threads — it never deletes emails from your inbox.
AI classifies the email
The email text is sent to Anthropic (Claude) to determine the type: order inquiry, refund request, shipping issue, etc.
Anthropic does not use your data to train AI models. Standard API requests are retained by Anthropic for up to 30 days for abuse monitoring; nothing is shared with other customers.
Context is pulled
Podley fetches the relevant order from Shopify and fulfillment status from your POD provider (read-only).
Data is fetched on-demand per case. We don't bulk-sync your entire store.
Draft response is generated
AI generates a reply using your voice settings, the email context, and order data. The draft is stored in your Podley dashboard.
In Training Mode, you review every draft. In Autopilot, approved categories send automatically.
You stay in control
Review, edit, or approve the draft. See exactly what AI generated and what data it used. Override anytime.
Every AI decision, draft, and outbound action is recorded in your activity log.
Enterprise-grade security
AES-256 encryption at rest
All stored data — OAuth tokens, case data, settings — is encrypted using AES-256.
TLS 1.3 in transit
Every API call and webhook between Podley, your integrations, and AI providers uses TLS 1.3.
Row-level security
The database enforces that each user can access only their own data. No cross-tenant access.
HMAC webhook verification
Every incoming webhook from Shopify, Printify, and Stripe is cryptographically verified.
Rate limiting & abuse protection
API endpoints are rate-limited. Suspicious activity is flagged and blocked automatically.
Audit logging
Every significant action — logins, AI responses, integration syncs — is logged with timestamps.
You're in control
Your data belongs to you. These rights apply to every Podley user, regardless of location.
Full Transparency
See every AI decision, every draft, and every outbound action Podley takes on your behalf. The activity log records what you can act on — not low-level system pings.
Export Your Data
Self-serve export covers your case history, templates, and settings. For a complete export including older records, attachments, and synced order data, email support and we’ll deliver within 30 days.
Delete Everything
Request complete data deletion at any time. We remove all your data within 30 days, including backups.
We comply with GDPR (EU), CCPA/CPRA (California), and applicable data protection laws. For full details, see our Privacy Policy.
Your customers trust you. You can trust us.
Start your 14-day free trial and see exactly how Podley handles your data.
Questions about privacy? Email us at privacy@podley.app