IndieCo Marketing

SAGE Privacy Policy

Effective 2026-07-14 · IndieCo Marketing and SAGE are operated by SIMCO LLC, Minnesota
🔒

The pledge: IndieCo Marketing is SIMCO LLC's independent-shop marketing service in the SAGE product family. We don't sell your shop's data, your customer list, or your campaign results — not to advertisers, not to third-party "analytics partners," not to anyone. We use data only to provide the shop features you request and share it only with the service processors and lawful recipients disclosed below.

Everything below is how we make that pledge operational.

Company identity for app reviews

SAGE by SIMCO is SIMCO LLC's independent-shop software service. IndieCo Marketing is a SAGE module used for review-first storefront, campaign, and social publishing workflows. Both are operated by SIMCO LLC, a Minnesota business. Official app-review URLs are hosted on https://indieco.shop/, including this Privacy Policy, our Terms of Service, the IndieCo Marketing product page, and the LinkedIn API compliance page.

1. What we collect

Shop-provided data — only what you or your connected systems send us

Automatic data — routine web-app telemetry

What we don't collect

2. How we use what we collect

  1. Run the product. Generate your daily digest, draft campaigns, send approved transactional or campaign email through the appropriate provider, and respond to dashboard requests. Campaign and bulk delivery uses separate providers such as Resend or AWS SES, never the linked Gmail OAuth connection.
  2. Improve the product for you. Fine-tune your shop's "voice" based on campaigns you approve vs. reject. Scoped to your shop.
  3. Improve the product for everyone (opt-in). Anonymized, aggregated metrics. Never individual data. Opt out any time.

We don't use your data to train third-party AI models. IndieCo Marketing's AI calls (Gemini, Cloudflare Workers AI, Groq, Claude) are routed through the providers' no-training endpoints where available; customer/shop data is never submitted as model-training fodder.

3. Who we share with

We do not share with: advertisers, data brokers, "analytics partners," e-commerce aggregators, AI-training consortia, or anyone else not on the list above. If that list ever changes, this policy changes with it — materially and with 30 days' notice to all shops.

4. Where data lives

5. Your controls

6. Google Business Profile API data

When you connect Google Business Profile, SAGE uses Google OAuth and only works with profiles you own, manage, or are authorized to manage. SAGE uses that access to show profile readiness, draft review-ready posts, draft review-ready profile improvements, and prepare review replies you can check first where Google permits those features.

SAGE's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Business Profile is a Google service provided at no additional charge. SAGE may charge for its independent dashboard and marketing workflow, not for access to Google Business Profile itself. More details are available on the Google Business Profile API compliance page.

7. Gmail Inbox Intelligence data

When you connect Gmail Inbox Intelligence, SAGE uses Google OAuth only for a Gmail inbox you authorize. The v1 connection requests https://www.googleapis.com/auth/gmail.readonly to turn recent customer, vendor, order, billing, and connected-service email into owner-visible SAGE Inbox tasks, and https://www.googleapis.com/auth/gmail.send to send one final reply only after you review and confirm its recipient and content in SAGE.

SAGE's use and transfer of Gmail information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Plaid financial-account data

When Plaid access is enabled, SAGE will use Plaid Link only after the shop owner or authorized manager starts the connection from SAGE and completes Plaid's consent flow. Plaid, not SAGE, collects the financial-institution credentials used inside Plaid Link.

Additional security practices for connected financial data are posted at https://indieco.shop/security-practices.html.

9. Facebook and Instagram data

When you connect Facebook or Instagram, SAGE uses Meta OAuth only for shop-authorized shop workflows: account connection status, Page or Instagram Business account selection, drafting, and publishing you confirm where Meta has granted the required permissions. SAGE does not automatically post to Facebook or Instagram without you confirming the content and destination.

Meta reviewer callback URLs are public and served over HTTPS: https://indieco.shop/api/marketing/meta/deauthorize and https://indieco.shop/api/marketing/meta/data-deletion.

10. LinkedIn data

When LinkedIn grants the requested permissions, SAGE uses LinkedIn OAuth only for shop-authorized, review-first LinkedIn Page workflows. SAGE Community Management is associated with the SAGE by SIMCO LinkedIn Page and is intended to help a shop owner draft, review, and publish approved text posts to a LinkedIn Page they own, manage, or are authorized to manage.

Additional LinkedIn reviewer details are posted at https://indieco.shop/linkedin-api-compliance.html.

11. Pinterest data

When you connect Pinterest, IndieCo Marketing uses Pinterest OAuth only for owner-authorized shop workflows: connection status, board selection, Pin drafting, proof-board checks, and owner-approved Pin or board creation where Pinterest has granted the required access.

12. TikTok data

When you connect TikTok, IndieCo Marketing uses TikTok authorization only for connected-shop workflows: connection status, creator posting checks, video export, upload, or direct post flows where TikTok has granted the requested access.

13. Contact

Questions, requests, or privacy concerns: hello@indieco.shop. GDPR / CCPA requests acknowledged within 48 hours, resolved within 30 days.

Legal operator contact: SIMCO LLC, 4307 Oliver Ave N, Minneapolis, MN 55412. Phone: (612) 440-2802.

14. Changes

Material changes (new data types, new sharing partners, new purposes) require 30 days' prior notice via email + dashboard banner. Non-material changes (clarifications, typo fixes) are posted here with a changelog entry.

Changelog