Privacy Policy

Effective date: March 2026

[LEGAL REVIEW RECOMMENDED] This privacy policy describes ShopSmith's current data practices. Professional legal review is recommended before relying on this document for compliance purposes.

Overview

ShopSmith is a local-first desktop application for preparing Etsy digital product listings. This privacy policy describes what data ShopSmith processes and how it is handled.

Data We Collect and Store

Local Data (Stored on Your Computer Only)

Source files: Images, digital product files, and other assets you upload into ShopSmith. These are stored in a local blob store on your filesystem.
Product database: Listing titles, descriptions, tags, prices, SKUs, approval status, and other product metadata. Stored in a local SQLite database on your machine.
Generated content: AI-generated mockup images, listing text, and other deliverables. Stored locally alongside your source files.
Publish session progress: Your progress through the Guided Publish workflow. Stored locally in the database.
Publication evidence: Listing URLs and CSV reconciliation data you provide to track published products. Stored locally.
API tokens: OAuth tokens for Etsy and Pinterest are stored locally on your machine in environment variables. They are never transmitted to any server other than the respective platform's API.
Analytics snapshots: Listing view counts, favorites, and pin performance metrics retrieved from Etsy and Pinterest APIs. Stored locally in the SQLite database to track trends over time.

ShopSmith does not operate a cloud server. There is no remote database. All data listed above remains on your computer and is never transmitted to us.

Data Sent to Third Parties

Google Gemini API: When ShopSmith generates listing content (titles, descriptions, tags, mockup images), your source images and extracted text are sent to Google's Gemini API for AI processing. This uses your own API key, configured in your local environment. ShopSmith does not have access to your API key beyond your local configuration. Google's data handling is governed by Google's Gemini API Terms of Service.
Etsy API: When you use ShopSmith's publishing and analytics features, it communicates with the Etsy Open API v3 using OAuth 2.0 (PKCE flow) to manage your listings, read shop analytics, and create draft listings on your behalf. Only your own shop data is accessed. API calls are made directly from your machine to Etsy's servers. Etsy's data handling is governed by Etsy's API Terms of Use.
Pinterest API: When you use ShopSmith's pin management features, it communicates with the Pinterest API v5 using OAuth 2.0 to read your board and pin analytics (impressions, saves, clicks) and to publish pins that you have individually prepared and approved. Only your own business account data is accessed. API calls are made directly from your machine to Pinterest's servers. Pinterest's data handling is governed by Pinterest's Developer Terms.

Data We Do NOT Collect

No user accounts or registration
No analytics or telemetry
No cookies
No usage tracking or behavioral data
No server-side storage of your data
No advertising or marketing data
No personal information (name, email, address) unless you include it in your product content
No access to other users' Etsy or Pinterest data — only your own accounts

Data Sharing

ShopSmith does not share your data with any third party except Google Gemini, the Etsy API, and the Pinterest API as described above. Each service is accessed using your own credentials, directly from your machine. We do not sell, rent, or trade any data.

Data Retention

All data is stored locally on your computer. You control retention by managing files in ShopSmith's data directory. Deleting the application and its data directory removes all stored data. OAuth tokens can be revoked at any time through your Etsy or Pinterest account settings.

Security

ShopSmith runs as a local application on your machine. Data security depends on your local system security. ShopSmith uses signed URLs with HMAC-SHA256 for internal file access, and all communication between the app's frontend and backend occurs over localhost. API communication with Etsy and Pinterest uses HTTPS and OAuth 2.0 with PKCE for secure authentication.

Children's Privacy

ShopSmith is a professional tool for Etsy sellers and is not directed at children under 13. We do not knowingly collect data from children.

Your Rights

Because all data is stored locally on your computer, you have full control over your data at all times. You can view, modify, export, or delete any data by accessing ShopSmith's local data directory. You can revoke API access at any time through your Etsy or Pinterest account settings.

Changes to This Policy

We may update this privacy policy to reflect changes in ShopSmith's functionality. Material changes will be communicated through the application and on this page. The effective date at the top of this page indicates when the policy was last updated.

Contact

For privacy-related questions, see our Contact page.