Skip to content
ShopOS

Privacy Policy

Last updated: February 5, 2026

This Privacy Policy explains how HOM.AI PTE. LTD. ("Company", "we", "us", "our") collects, uses, shares, and protects personal data when individuals ("you", "users") use our services.

Our services include:

  • AI SaaS Platform - a multi-modal content generation and orchestration system supporting images, videos, text, code, brand onboarding, PIM, integrations, and automated workflows.
  • Marketplace Content Generation Tool ("Marketplace Content Generation Service") - a credit-based, paid tool for generating Amazon-specific creative assets, product imagery, A+ content, and text.

This Policy is informed by major global privacy regulations, including the EU General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the Singapore PDPA, and other applicable data-protection laws. We are actively working to align our practices with the requirements that apply to our operations and will update our compliance measures as they evolve.

1. Data Controller

Depending on how you use the Services, we may act as a data controller or a data processor.

Controller: HOM.AI PTE. LTD.

Registered Address: 20 COLLYER QUAY, #18-03, SINGAPORE 049319

Privacy Email: hi@shopos.ai

2. Scope of This Privacy Policy

This Policy applies to:

  • Our websites, SDKs, and browser extensions
  • The AI SaaS Platform and Marketplace Content Generation Service
  • Workspaces, Spaces, and APIs
  • Connected third-party integrations
  • Processing of publicly available data for research features

If you operate a Space or connect your own users, you may act as the controller for those interactions.

3. Categories of Personal Data We Collect

A. Account and Identity Data

  • Name, email
  • Password (hashed)
  • Company information
  • Workspace roles
  • Billing-related information (for example billing email, company name, invoice details)

B. Brand and Business Data

  • Brand identity, logos
  • Moodboards, colors, typography
  • Brand guidelines and preferences
  • Target audience and markets

C. Product and PIM Data

  • SKU metadata
  • Titles, descriptions, attributes
  • Images, videos, pricing

D. User-Provided Inputs

  • Prompts
  • URLs
  • Uploaded images, videos, audio, and files

E. Generated Data (Outputs)

  • Generated images, videos, text, code
  • Generation parameters

F. Derived Data (Non-Identifying)

  • Pose/segmentation data
  • Depth or motion vectors
  • Tone or voice features

These are not used to identify individuals.

G. Usage, Logs and Technical Data

  • IP address, device, browser
  • Workflow logs, API logs
  • Cookies and analytics
  • Credit usage logs and generation metrics

H. Integration Data

With authorization:

  • Shopify catalog
  • Amazon listing data
  • Public or social data

I. Payment and Transaction Data

Handled by third-party processors like Stripe.

We may also retain transaction metadata such as subscription plan, credit balance, and billing status for service operation and compliance.

J. Performance and Behavioral Data

When you enable testing or optimization features, we may process:

  • A/B test performance data
  • Marketplace listing analytics (visibility, ranking, sessions, impressions where available)
  • User interaction signals related to generated creatives
  • Optimization outcomes and scoring metrics
  • Credit consumption patterns and spend analytics related to pricing plans

This data is used to evaluate creative effectiveness and guide automated regeneration workflows.

4. How We Collect Personal Data

A. Directly from Users

Account creation, brand onboarding, content uploads, and day-to-day usage.

B. Automatically

Cookies, analytics, performance logs, device information and credit usage telemetry.

C. Through Third-Party Integrations

Shopify, Amazon, Google/Apple login, etc.

D. From Public Sources

For market research or competitive analysis.

E. From Ecommerce and Marketplace Platforms

When you integrate Shopify, Amazon, or other ecommerce systems, we may access:

  • Catalog and listing data
  • Performance metrics such as impressions, sessions, and conversion rates
  • Optional advertising performance metrics provided by the platform
  • Subscription and usage data relevant to your pricing plan

We do not access end-customer personal data unless explicitly permitted by the integration and approved by you.

5. How We Use Personal Data

A. Service Delivery

Operating the Platform and Marketplace Services; content generation; workspace roles; brand memory; billing and credit management.

If you enable autonomous workflows, we process performance metrics, analytics, and user-provided business rules to:

  • Run A/B or multivariate creative tests
  • Measure the effectiveness of images, videos, and text
  • Generate improved creatives using AI models
  • Automatically publish or update content on connected platforms (for example Amazon, Shopify)
  • Monitor credit usage, enforce plan limits, and prevent misuse

These closed-loop systems may apply automated decision-making to regenerate or replace creative assets. Human oversight is incorporated where required.

B. Security and Compliance

Detecting misuse or fraud; monitoring performance; enforcing terms; protecting systems; preventing payment abuse.

C. AI Processing

  • Using Inputs to generate Outputs
  • Improving features using de-identified data
  • Creating workspace-specific preference models
  • Behavioral Learning Signals

In addition to prompts and uploads, we may use de-identified performance signals (for example test results, engagement metrics, credit usage trends) to improve workspace-specific models and optimization logic. These signals are not used to identify individuals.

D. Analytics and Product Development

Usage insights, feature enhancement, user-experience improvements, and pricing optimization.

E. Integrations and Publishing

Syncing Shopify/Amazon data and publishing your marketplace content where instructed.

F. Communications

Service-related messages; optional marketing (opt-out available); billing notifications.

G. Payments and Accounting

Subscription management, invoices, compliance with financial regulations.

6. AI-Specific Processing and Model Training

No Training on Customer Data

HOM.AI does not use customer Inputs, Outputs, workspace data, or marketplace performance data to train, fine-tune, or improve its foundational or generative AI models.

Personal Data Is Processed Only To

  • Generate Outputs requested by you
  • Operate, maintain, and secure the Services
  • Enforce our Terms of Use and Acceptable Use Policy
  • Prevent abuse, fraud, or misuse
  • Produce aggregated, de-identified analytics

Human Review

Limited manual review by authorized personnel may occur solely for quality assurance, abuse prevention, and technical troubleshooting.

Automated Decision-Making Disclosure

Certain features involve automated creative optimization or regeneration. These processes affect creative content only and do not produce legal or similarly significant effects on individuals. Users retain responsibility for reviewing Outputs before publication.

7. How We Share Personal Data

We may share personal data with:

A. Service Providers

Cloud hosting, analytics, customer support, email delivery, and infrastructure providers under contractual confidentiality obligations.

B. Payment Providers

Third-party processors such as Stripe.

C. Connected Integrations

Platforms such as Shopify, Amazon, and authentication providers, only with your authorization.

D. Third-Party AI Providers

Where required for specific features, data may be transmitted securely under contractual restrictions prohibiting training on or retaining your data.

E. Legal and Regulatory Authorities

Where required to comply with law or protect legal rights.

F. Business Transfers

In mergers, acquisitions, or financing events, subject to safeguards.

G. Public Sharing by You

If you share Outputs via public or Share Chat links, the content may be accessible to anyone with the link. Such sharing is intentional and controlled by you. Do not include confidential or sensitive personal data in publicly shared content.

We do not sell personal data.

8. Cookies, Tracking and Advertising

Used for authentication, user preferences, analytics, and optional advertising (with consent where required).

You may manage cookies via browser settings or our cookie banner.

We may use analytics tools such as Google Analytics, session-replay tools, and advertising pixels (where permitted) to understand usage patterns and evaluate creative effectiveness. This may include analysis of pricing page behavior and credit usage patterns. Specific tools used may vary over time and will be disclosed in our Cookie Notice.

9. Data Retention

We retain personal data for as long as necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal or regulatory obligations, resolve disputes, enforce agreements, and support business operations.

Because our data-retention schedules are still being finalized, specific retention periods may vary depending on the type of data and how the Services are used. Once our formal data-retention policy is established, we will update this section to reflect the applicable retention periods.

10. International Data Transfers

We may process or store personal data in Singapore or in other countries where we or our service providers operate, and these locations may have data-protection laws that differ from those in your jurisdiction. Where required, we will implement appropriate safeguards for international data transfers, such as contractual protections or other measures permitted under applicable law. As our infrastructure and vendor relationships evolve, we will update this section to reflect the transfer mechanisms we use.

11. Your Rights

Your rights depend on applicable data-protection laws and may include the right to:

  • Access personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict or object to processing
  • Receive information about data usage

Rights Related to AI Processing

Where required by law, you may request:

  • Information about automated processing used in creative generation
  • Human review of automated decisions

User Responsibility for Uploaded Data

You are responsible for ensuring that you have all necessary legal rights, permissions, and consents to upload any personal data, images, or likenesses of individuals, including consent for AI processing and commercial use.

12. Children's Privacy

The Services are not intended for individuals under 18.

We do not knowingly collect data from children.

13. Security Measures

We use:

  • Encryption in transit and at rest
  • Role-based access control
  • Audit logs and monitoring
  • Routine security assessments

14. Regional Notices

Our privacy practices are informed by the requirements of major global data-protection laws. As our compliance program continues to mature, we may update this section and publish region-specific notices where required by law. This section will be expanded as we formalize additional compliance measures.

Marketplace Compliance

For users integrating Amazon, Shopify, or similar services, we comply with applicable platform data policies and only access scopes required for creative generation, testing, and publishing. We do not access or store end-customer PII unless explicitly granted via the integration.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users by posting the updated Policy and providing a notice within the Services or by another appropriate method. The updated Policy will be effective as of the date listed at the top.

16. Contact Us

For privacy inquiries or rights requests: hi@shopos.ai