SAGE Privacy Policy
The pledge: IndieCo Marketing is SIMCO LLC's independent-shop marketing service in the SAGE product family. We don't sell your shop's data, your customer list, or your campaign results — not to advertisers, not to third-party "analytics partners," not to anyone. We use data only to provide the shop features you request and share it only with the service processors and lawful recipients disclosed below.
Everything below is how we make that pledge operational.
Company identity for app reviews
SAGE by SIMCO is SIMCO LLC's independent-shop software service. IndieCo Marketing is a SAGE module used for review-first storefront, campaign, and social publishing workflows. Both are operated by SIMCO LLC, a Minnesota business. Official app-review URLs are hosted on https://indieco.shop/, including this Privacy Policy, our Terms of Service, the IndieCo Marketing product page, and the LinkedIn API compliance page.
1. What we collect
Shop-provided data — only what you or your connected systems send us
- Account info: shop name, owner email, shop address, vertical, timezone.
- POS + storefront data (when you connect via OAuth): product catalog, order history, customer records, inventory levels. IndieCo Marketing pulls only the scopes we need; you see the exact scopes before you authorize.
- Customer-list uploads (CSV): names, emails, phone numbers, SMS consent state, consent proof, and purchase history. You control the list; you can delete any record at any time.
- Campaign outputs: draft emails and social posts, approval decisions, send results.
Automatic data — routine web-app telemetry
- IP address, browser, device type for the dashboard session (security + rate-limiting; 30-day rolling delete).
- Anonymized platform-level event counts — e.g. "5,812 digest items approved across all shops this month." No individual shop or customer is identifiable. Opt out in dashboard settings (
shareAnonymizedMetrics); the opt-out is a silent no-op — we never collect the event.
What we don't collect
- Customer purchase history is never shared across shops. Shop A can't see Shop B's customers or data, period.
- We don't track users across the open web. No Facebook Pixel, no Google Analytics 4, no third-party ad tech on any IndieCo Marketing page.
2. How we use what we collect
- Run the product. Generate your daily digest, draft campaigns, send approved transactional or campaign email through the appropriate provider, and respond to dashboard requests. Campaign and bulk delivery uses separate providers such as Resend or AWS SES, never the linked Gmail OAuth connection.
- Improve the product for you. Fine-tune your shop's "voice" based on campaigns you approve vs. reject. Scoped to your shop.
- Improve the product for everyone (opt-in). Anonymized, aggregated metrics. Never individual data. Opt out any time.
We don't use your data to train third-party AI models. IndieCo Marketing's AI calls (Gemini, Cloudflare Workers AI, Groq, Claude) are routed through the providers' no-training endpoints where available; customer/shop data is never submitted as model-training fodder.
3. Who we share with
- AI providers (Gemini, Cloudflare, Groq, Anthropic) for text completions — payload contains only the prompt and the specific context for that call. Governed by each provider's no-training / zero-retention terms where offered.
- Email providers (Resend, AWS SES) to deliver messages you approve.
- Twilio or another SMS provider for SMS opt-in flows and review-ready texts that you initiate.
- Stripe for billing. They see billing-email + payment details, not your shop data.
- Lawful requests — subpoenas, etc. We'll tell you unless legally barred.
We do not share with: advertisers, data brokers, "analytics partners," e-commerce aggregators, AI-training consortia, or anyone else not on the list above. If that list ever changes, this policy changes with it — materially and with 30 days' notice to all shops.
4. Where data lives
- US-region Railway + Cloudflare infrastructure.
- Daily encrypted backups; 30-day retention, then permanent delete.
- Each shop's data is isolated at the filesystem level; cross-shop queries are rejected at the router.
5. Your controls
- Export. Download everything in one ZIP: Dashboard → Settings → Export my data.
- Delete. Dashboard → Settings → Close shop → "Delete all data." After confirmation, SAGE removes the active shop data; encrypted backup copies age out under the 30-day backup-retention schedule unless law requires longer retention.
- Opt out of aggregates. Dashboard → Settings → toggle "Share anonymized usage metrics." Off means we never log the event.
- SMS consent. Text messages require express opt-in, are stored with consent proof, and can be stopped by replying STOP or using the opt-out link in an IndieCo Marketing text. See SMS consent and opt-out.
- Disconnect integrations (Shopify, Square, Clover, Lightspeed, Mailchimp, etc.) at any time. Revoking there revokes here.
6. Google Business Profile API data
When you connect Google Business Profile, SAGE uses Google OAuth and only works with profiles you own, manage, or are authorized to manage. SAGE uses that access to show profile readiness, draft review-ready posts, draft review-ready profile improvements, and prepare review replies you can check first where Google permits those features.
SAGE's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- SAGE does not collect Google account passwords, session cookies, or credentials.
- SAGE does not use Google Location or Business Profile data for lead generation, prospecting, scraping, or data resale.
- SAGE does not post, edit, reply, upload, or otherwise change a public Business Profile without your specific approval for that action.
- Business Profile API content is stored only as needed to run the connected-shop workflow and improve dashboard performance. API-derived diagnostic snapshots are deleted or refreshed within 30 calendar days.
- Google API data is not sold, shared with advertisers, or used to train generalized AI models.
- Google Calendar data is handled only through the separate Calendar connection and only for owner-visible schedule workflows.
- You can disconnect Google from the dashboard or by emailing hello@indieco.shop. After a disconnect request, SAGE removes its Business Profile management access within 7 business days.
Google Business Profile is a Google service provided at no additional charge. SAGE may charge for its independent dashboard and marketing workflow, not for access to Google Business Profile itself. More details are available on the Google Business Profile API compliance page.
7. Gmail Inbox Intelligence data
When you connect Gmail Inbox Intelligence, SAGE uses Google OAuth only for a Gmail inbox you authorize. The v1 connection requests https://www.googleapis.com/auth/gmail.readonly to turn recent customer, vendor, order, billing, and connected-service email into owner-visible SAGE Inbox tasks, and https://www.googleapis.com/auth/gmail.send to send one final reply only after you review and confirm its recipient and content in SAGE.
SAGE's use and transfer of Gmail information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- SAGE does not collect Gmail passwords, session cookies, contacts, Drive or Calendar data, unrelated Google product data, or any mailbox that was not connected through Gmail OAuth.
- SAGE does not automatically or bulk-send email. Every Gmail reply requires an authenticated owner or authorized manager to review the visible From, To, subject, and final body and confirm that individual send.
- SAGE keeps reply drafts inside SAGE. Gmail Inbox Intelligence v1 cannot create Gmail-native drafts, apply labels, mark messages read or unread, archive, trash, permanently delete, change filters, or change Gmail settings.
- SAGE stores only the Gmail-derived fields needed for the owner-visible workflow: connected mailbox address; accepted send-as address/display-name/default/verification metadata; message and thread identifiers; sender and recipient headers; subject; a bounded body excerpt; timestamps; classification; attachment name/type/size metadata; local draft text; Task Queue metadata; and the Gmail sent-message receipt used for local duplicate-send protection and reconciliation.
- The authenticated owner/manager SAGE Inbox contains the bounded message excerpt, thread context, and draft. Authorized shop staff may see a minimized Task Queue notice containing sender label, subject, signal category, and attachment count; staff task notices do not include the stored message-body excerpt or draft and cannot authorize a Gmail send.
- SAGE v1 stores attachment name/type/size metadata only and does not bulk-download attachment content. A future owner-open attachment preview must be implemented, disclosed, and safety-reviewed before SAGE retrieves supported attachment content.
- Gmail data is not sold, shared with advertisers, used for lead generation, used to train generalized AI models, or shared across shops.
- The current Gmail workflow uses bounded, recent Inbox queries and deterministic SAGE drafting rules. Gmail content is not sent into a generalized-model training pipeline. Before any optional AI subprocessor receives Gmail excerpts for a user-visible draft, SAGE will identify that processor, disclose its purpose and retention, and require an affirmative owner choice.
- Open/read Gmail-derived rows are retained for at most 90 days. After a row or related task becomes terminal (handled, replied, completed, canceled, or expired), the terminal row/task record, task events, and sent receipt are retained for at most 30 additional days. Encrypted backup copies then age out under the separate 30-day backup-retention schedule.
- You can disconnect Gmail from the dashboard, from your Google Account permissions page, or by emailing hello@indieco.shop. Dashboard disconnect removes SAGE's stored Gmail token and stops that shop's new Gmail sync and send operations immediately; SAGE also invokes Google revocation when the remote grant is not shared by another authorized SAGE shop. Support-requested disconnects are completed within 7 business days.
- You can request deletion of Gmail-derived SAGE Inbox rows, tasks, suggested replies, and sent proof by emailing hello@indieco.shop. SAGE deletes active copies within 7 business days unless law requires longer retention; backup copies age out within 30 days.
8. Plaid financial-account data
When Plaid access is enabled, SAGE will use Plaid Link only after the shop owner or authorized manager starts the connection from SAGE and completes Plaid's consent flow. Plaid, not SAGE, collects the financial-institution credentials used inside Plaid Link.
- SAGE does not collect bank usernames, bank passwords, security questions, one-time passcodes, or financial-institution session cookies.
- SAGE requests only the Plaid products approved for the connected workflow. The initial production request is for transaction and recurring-transaction insights so SAGE can show owner-visible cash-flow, vendor, subscription, and operational tasks.
- SAGE stores only the Plaid tokens, item/account identifiers, transaction records, recurring-transaction records, institution metadata, consent timestamps, and task metadata needed to run the connected-shop workflow.
- SAGE does not use Plaid data for credit decisions, insurance decisions, employment decisions, eligibility screening, advertising, resale, data brokerage, or cross-shop profiling.
- SAGE does not sell Plaid data, share Plaid data with advertisers, train generalized AI models on Plaid data, or expose Plaid-derived data to other shops.
- Connected Plaid data is shown only inside authenticated SAGE owner/manager workflows. Any future staff-facing summary must be minimized and must not expose full account numbers or bank credentials.
- You can disconnect Plaid in the dashboard, from your Plaid Portal where available, or by emailing hello@indieco.shop. After a disconnect or deletion request, SAGE removes stored Plaid tokens and active Plaid-derived workflow rows within 7 business days unless law requires longer retention; encrypted backup copies age out within 30 days.
Additional security practices for connected financial data are posted at https://indieco.shop/security-practices.html.
9. Facebook and Instagram data
When you connect Facebook or Instagram, SAGE uses Meta OAuth only for shop-authorized shop workflows: account connection status, Page or Instagram Business account selection, drafting, and publishing you confirm where Meta has granted the required permissions. SAGE does not automatically post to Facebook or Instagram without you confirming the content and destination.
- SAGE does not collect Facebook or Instagram passwords, session cookies, personal messages, or unrelated account data.
- SAGE stores only the tokens, account identifiers, selected Page or Instagram Business account metadata, and review-ready content needed to operate the connected-shop workflow.
- You can disconnect Facebook or Instagram in the dashboard, from your Meta account settings, or by emailing hello@indieco.shop.
- If Meta sends a deauthorization callback, SAGE marks the matching Facebook or Instagram connection disconnected and removes the stored access token.
- If Meta sends a data deletion request, SAGE verifies Meta's signed request, deletes matching stored Facebook or Instagram connection data and associated shop records where applicable, and returns a confirmation code with a status page at
/legal/data-deletion?code=....
Meta reviewer callback URLs are public and served over HTTPS: https://indieco.shop/api/marketing/meta/deauthorize and https://indieco.shop/api/marketing/meta/data-deletion.
10. LinkedIn data
When LinkedIn grants the requested permissions, SAGE uses LinkedIn OAuth only for shop-authorized, review-first LinkedIn Page workflows. SAGE Community Management is associated with the SAGE by SIMCO LinkedIn Page and is intended to help a shop owner draft, review, and publish approved text posts to a LinkedIn Page they own, manage, or are authorized to manage.
- SAGE does not collect LinkedIn passwords, session cookies, direct messages, advertising data, unrelated profile data, or unrelated Page data.
- SAGE does not scrape LinkedIn, build lead lists from LinkedIn, run ads, boost posts, send DMs, or auto-publish without the shop owner's explicit approval of the final content and destination.
- SAGE stores only the OAuth token, granted scopes, selected organization/Page identifier, Page name, role/readiness proof, and reviewed post/proof metadata needed to operate the connected-shop workflow.
- You can disconnect LinkedIn in the dashboard, from LinkedIn account settings where available, or by emailing hello@indieco.shop. After a disconnect request, SAGE removes stored LinkedIn tokens and connection metadata within 7 business days.
Additional LinkedIn reviewer details are posted at https://indieco.shop/linkedin-api-compliance.html.
11. Pinterest data
When you connect Pinterest, IndieCo Marketing uses Pinterest OAuth only for owner-authorized shop workflows: connection status, board selection, Pin drafting, proof-board checks, and owner-approved Pin or board creation where Pinterest has granted the required access.
- IndieCo Marketing is not endorsed by, affiliated with, or sponsored by Pinterest.
- IndieCo Marketing does not collect Pinterest passwords, session cookies, personal messages, unrelated account data, or audience data outside the connected-shop workflow.
- IndieCo Marketing stores only the access tokens, refresh tokens, account identifiers, board identifiers, Pin identifiers, proof-check results, and owner-approved content needed to operate the Pinterest integration.
- IndieCo Marketing does not sell, rent, or share Pinterest API data, and does not combine Pinterest API data with unrelated third-party data for advertising or profiling.
- IndieCo Marketing does not use Pinterest-derived data to train AI or machine-learning models, replicate Pinterest's product experience, scrape Pinterest, build unauthorized datasets, or power unsanctioned automated access.
- IndieCo Marketing does not create public Pins or boards automatically. Pinterest publishing actions require a confirmed dashboard action by the connected shop owner or authorized manager.
- You can disconnect Pinterest in the dashboard, from Pinterest account settings where available, or by emailing hello@indieco.shop. After a disconnect or deletion request, IndieCo Marketing removes stored Pinterest tokens, Pinterest-derived account/board/Pin identifiers, proof-check metadata, and queued owner-approved Pinterest content from active SAGE systems within 7 business days unless law requires longer retention; encrypted backup copies age out within 30 days.
- Public Pins or boards already created on Pinterest remain controlled in Pinterest unless you delete or change them there.
12. TikTok data
When you connect TikTok, IndieCo Marketing uses TikTok authorization only for connected-shop workflows: connection status, creator posting checks, video export, upload, or direct post flows where TikTok has granted the requested access.
- IndieCo Marketing does not collect TikTok passwords, session cookies, direct messages, unrelated profile data, or follower lists.
- IndieCo Marketing stores only the tokens, account identifiers, creator posting metadata, and content needed to operate the connected-shop workflow.
- IndieCo Marketing does not post to TikTok automatically. Uploads, exports, or direct posts require a confirmed dashboard action by the connected shop owner or authorized manager.
- You can disconnect TikTok in the dashboard, from TikTok account settings where available, or by emailing hello@indieco.shop.
13. Contact
Questions, requests, or privacy concerns: hello@indieco.shop. GDPR / CCPA requests acknowledged within 48 hours, resolved within 30 days.
Legal operator contact: SIMCO LLC, 4307 Oliver Ave N, Minneapolis, MN 55412. Phone: (612) 440-2802.
14. Changes
Material changes (new data types, new sharing partners, new purposes) require 30 days' prior notice via email + dashboard banner. Non-material changes (clarifications, typo fixes) are posted here with a changelog entry.
Changelog
- 2026-07-14 - Added Plaid financial-account data handling, Plaid disconnect/deletion timing, and a public security-practices reference.
- 2026-07-14 - Added Pinterest non-affiliation, no AI/model-training, no unauthorized Pinterest Data use, and Pinterest disconnect/deletion timing disclosures.
- 2026-07-09 - Added Gmail Inbox Intelligence read-and-owner-approved-send scopes, Limited Use, local-draft, attachment-metadata, disconnect, and deletion disclosures.
- 2026-07-07 - Made IndieCo Marketing the primary app-review label and added explicit Pinterest/TikTok data-use disclosures.
- 2026-06-19 — Clarified SAGE by SIMCO / SIMCO LLC identity for app review and added LinkedIn API data handling language.
- 2026-06-04 — Clarified SAGE / SIMCO LLC naming and added explicit Facebook, Instagram, Meta deauthorization, and Meta data deletion handling language.
- 2026-05-11 — Added Google Business Profile API handling, owner authorization, disconnect, and API content-retention language.
- 2026-04-21 — Initial version.