TrendSense
Sign Up

Privacy Policy

What we collect, why, and what you can ask us to do about it.

Last updated · 12 May 2026

Template for review by your data-protection counsel before launch. Operator must verify the subprocessor list, retention periods, and regional storage claims match actual deployment.

Who we are

TrendSense is a demand-forecasting + trend-intelligence service for Indian D2C fashion brands. This privacy policy describes how we collect, use, store, and share information when you use the service or the marketing site.

Information you give us

Account data — email, name, password hash, role, account type (personal / team). Held in our authentication provider (Supabase Auth).

Billing data — when you subscribe, our billing provider (Stripe or equivalent) collects card details and address. We never see the card number; we hold a customer reference + invoice metadata only.

Store-connection data — when you authorise a Shopify connection we store the access token, shop domain, and the resulting product / variant / order / order-line-item records. We do not store buyer-customer PII beyond shipping zip codes used for regional demand slicing.

Support correspondence — anything you send to support@trendsense.in or via in-app chat.

Information we generate

Forecasts, recommendations, narratives, sustainability scores. Some of these are generated using third-party AI services; the vendors and what we send each one are listed under "Subprocessors" below.

Telemetry — operational logs of edge-function invocations, error rates, and basic page-view counts (no IP storage beyond 24h, no third-party advertising trackers by default).

Information we ask third parties for

Trend signals — we query a search aggregator, Google Trends, fashion media sites, and the publicly-exposed product feeds of competitor Shopify stores. None of this is keyed to your identity.

Sustainability data — we cite Textile Exchange, EU PEFCR, and Indian academic LCAs in our fabric scores. We do not transmit user data to those sources.

How we use this information

Provide the service: connect your Shopify store, run forecasts, generate buyer briefs, render dashboards.

Maintain the service: error monitoring, debug logging, security audits.

Improve the product: aggregated, anonymised usage metrics — opt-out via Settings.

Comply with law: respond to lawful requests (Indian, EU, US as applicable) and meet our tax obligations.

Data sharing within the merchant community

The data-sharing programme is opt-in. If you enable any of the four categories (aggregated sell-through, category velocities, size curves, returns), your store data is aggregated with other opt-in merchants before any peer sees it. We do not share raw rows. Reciprocity tier (free / standard / premium) is recorded in merchant_data_sharing_settings and shown in your billing.

Subprocessors

Supabase — authentication, Postgres database, object storage, and edge functions. IN/EU regions.

Vercel — web hosting and serverless function execution. IN/EU regions.

Anthropic — receives prompts containing aggregated trend signals and product metadata for narrative, brief, and vision-tagging generation. No raw orders, no customer PII.

OpenAI — receives product titles and descriptions for embedding generation.

A third-party search aggregator — receives our generic search queries; no merchant data.

Modal — runs the forecasting and image-similarity workloads. Receives weekly aggregated sales features (no customer PII) and runway image URLs.

Stripe — billing, when active.

Where we store data

Primary database and storage live in the Mumbai region. Edge-function runtimes are global. AI subprocessor regions are listed in their respective trust pages; we send the minimum necessary payload in each case.

Retention

Account data: until you delete the account.

Connected-store data: until you disconnect the Shopify integration. Forecasts derived from it are kept for backtest comparability.

Logs: 30 days for application logs; aggregated metrics indefinitely.

Cancelled accounts: 30-day soft-delete grace, then hard delete except where retention is legally required (tax invoices: 7 years).

Your rights

Access, correct, export, or delete your data via Settings or by emailing privacy@trendsense.in. We respond within 30 days. If you are in the EU/UK we honour GDPR/UK-GDPR rights; if in India we honour DPDP Act 2023 rights.

Security

Row-level security on every database table. TLS 1.2+ on every endpoint. Service-role keys held in environment secrets, never in client code. Quarterly review of subprocessor changes. We will notify affected users of any qualifying data incident within 72 hours.

Children

TrendSense is not intended for users under 18. We do not knowingly collect data from minors.

Contact

privacy@trendsense.in (replace with your operational contact). Grievance Officer per DPDP Act 2023 will be listed here before launch.