COA Vault Privacy Policy

Last updated: June 16, 2026

What COA Vault does

COA Vault helps Shopify merchants ingest, parse, review, publish, and display product Certificates of Analysis (COAs) and batch verification results.

What we store

• Your store domain and the app session/access token issued by Shopify.
• Merchant-uploaded or forwarded lab COA PDFs stored in Cloudflare R2.
• Parsed COA fields, analyte results, product identifiers, batch or lot numbers, review status, quota usage, top-up charge records, and ingest settings stored in Neon Postgres.

COA Vault sends COA document content to Anthropic for AI-assisted parsing. COA Vault uses its own Anthropic API key for this app and does not reuse keys from other applications.

What we do not store

COA Vault does not store shopper personal information. We do not store customer names, email addresses, phone numbers, shipping addresses, billing addresses, payment information, customer profiles, or customer order history. Storefront batch verification lookups are anonymous and are not persisted with shopper PII.

Data deletion (GDPR / CCPA)

We honor Shopify mandatory privacy webhooks. When you uninstall the app or Shopify sends a shop-redact request, we delete shop-scoped COA records, extraction fields, ingest settings, usage periods, top-up charge records, Shopify session records, and associated raw PDF blobs. Customer data request and customer redaction webhooks return an honest no-op response because COA Vault does not store shopper PII.

Sub-processors

• Anthropic for COA parsing.
• Cloudflare R2 for raw COA PDF storage.
• Neon for Postgres database hosting.
• Vercel for application hosting.

Contact

Questions or deletion requests: jewbear66@gmail.com.