Privacy Policy

Last Updated: November 04, 2025 | Version 6.0

At any.market, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services to create online stores. You can create stores either through AI-powered transformation of your Google Business Profile, or manually without connecting any external accounts.

By using any.market, you agree to the practices described in this policy. Please read it carefully.

1. Information We Collect

Vendor Account Information (Store Owners)

When you create an any.market account to build your store, we collect:

  • Email address: For account access and communications
  • Name: To identify your account
  • Phone number: For account verification and support
  • Password: Stored as a secure hash (never stored in plain text)
  • Store content: Products, descriptions, images, and customizations you create

End Customer Information (Store Shoppers)

When customers shop on stores hosted by any.market, we collect:

  • Email address: For order confirmations and account creation
  • Phone number: For order-related communications
  • Password: Stored as a secure hash (if customer creates an account)
  • Shopping cart data: Items selected for purchase

✓ Payment Data Protection

We do NOT store payment information. All payment processing (credit cards, billing addresses, transaction details) is handled by third-party payment processors. We never have access to or store your payment card details.

Cookies and Tracking

We use cookies only with your explicit consent. Cookies help maintain your login session and store preferences. You can control cookie settings through your browser.

✓ Data Controller

any.market acts as the data controller for both vendor accounts and end customer data. We are responsible for protecting and managing this information in accordance with applicable privacy laws.

2. Google Business Profile Data (AI-Powered Creation Only)

✓ Two-Step Data Access:

Step 1 - Preview (No OAuth): When you enter your business name at gbp.any.market, we use the public Google Places API to show you a store preview using publicly available data (name, address, hours, photos, reviews). No authentication required.

Step 2 - Claim Business (OAuth Required): If you choose to claim your business, we request OAuth access to: (1) READ menu data unavailable via public API, and (2) WRITE your store URL to your GBP website field (one-time update).

✓ Data Handling Commitment:

Raw GBP data is NOT STORED. Menu data is accessed on-the-fly, transformed immediately by AI, and never retained. We perform a single one-time write to add your store URL to your GBP website field. No ongoing access or customer data collection.

Public Data Access (Google Places API - No OAuth)

For store preview before claiming, we access publicly available data:

  • Business name, address, phone number, and publicly listed website
  • Business hours and operational information
  • Customer reviews and ratings (public only)
  • Photos and media content (publicly available)

Authenticated Data Access (OAuth Required - Claim Only)

When you claim your business via OAuth, we access:

  • READ: Menu data (unavailable via public API, transformed on-the-fly, NOT STORED)
  • WRITE: Store URL to your GBP website field (one-time update at creation)

Important: We do NOT access customer data, transaction history, or any private business information. Reviews are accessed only via the public API. You can disconnect OAuth access at any time after your store is created.

Transformed Store Data (What We Actually Store)

After AI transformation, we permanently store only:

  • AI-generated store pages, product descriptions, and content
  • Store structure, layout preferences, and customizations
  • Media optimized and processed for your store (not raw GBP media)
  • Your store configuration and settings

3. How We Use Information

General Platform Use

  • Provide Services: Create and manage your online store (via AI-powered or manual creation)
  • Communication: Send service updates, notifications, and support responses
  • Product Improvement: Analyze aggregate usage patterns to enhance our platform
  • Security: Detect and prevent fraud, abuse, and security threats
  • Compliance: Meet legal obligations and enforce our Terms of Service

AI-Powered Store Creation (When Selected)

  • Public API (No OAuth): Generate store preview using publicly available data from Google Places API
  • Menu Data (OAuth): Transform menu items on-the-fly into product pages (NOT STORED)
  • Website Write (OAuth): Add your store URL to your GBP website field (one-time update)

Manual Store Creation

  • Manual Store Tools: Provide content management system for building your store from scratch
  • No External Data: No connection to Google APIs or external business data sources

AI Processing Details

AI Provider: We use Google Gemini for transforming business data into store content.

Data Sent to AI: Only transformed business information (business name, menu items, descriptions, hours) is sent to Google Gemini for content generation. Raw Google API data is never sent directly to AI services.

Data NOT Sent: Customer data, transaction history, private business information, authentication tokens, or any personal identifiers are never sent to AI providers.

AI Processing: All AI processing happens in real-time during store creation. Google Gemini does not store or retain your business data after content generation is complete.

Compliance: Google Gemini is contractually bound to comply with Google API Services User Data Policy Limited Use requirements and does not use your data for model training or any purpose beyond generating your store content.

4. Data Transformation and Ownership Model

Step 1: On-the-Fly Data Access

Raw data is processed on-the-fly with zero storage.

Step 2: AI Transformation

AI generates new store content, product descriptions, and layouts.

Step 3: Store Creation

The transformed store becomes your property.

Step 4: Raw Data Deletion

Raw GBP data is NEVER stored - it's transformed immediately and discarded. Only your transformed store content remains.

✓ You Own Your Transformed Store

The AI-generated store content belongs to you. We simply facilitate the transformation from raw business data to professional store content.

5. Data Retention and Deletion

Public Google Places API Data

  • Used for preview only: Accessed in real-time to generate store preview
  • No storage: Public data is not stored raw; only AI-transformed content is saved
  • No authentication required: Available to anyone viewing Google Places

OAuth-Accessed Data (Menu + Website Write)

  • NOT STORED: Menu data is transformed on-the-fly and never retained
  • Real-time processing: Menu items are accessed, transformed by AI, and immediately discarded
  • Zero retention: No caching or temporary storage of raw API data
  • One-time write: Store URL is written to your GBP website field once at creation
  • No ongoing access: We do not maintain persistent access to your GBP data

Your Transformed Store Data

  • Active accounts: Stored indefinitely while your account is active
  • Account deletion: Permanently deleted within 30 days of account closure
  • Backup retention: Encrypted backups retained for 90 days for disaster recovery

Disconnecting Your Google Account

You can disconnect your Google Business Profile at any time. Important: Since we do not store raw GBP data and do not maintain ongoing access, disconnecting your account does not trigger any raw data deletion - because there is no raw data to delete. Your transformed store content remains in your account unless you explicitly delete it.

6. Information Sharing

We share your information only in limited circumstances:

  • Service Providers: Third-party vendors who help us operate (hosting, analytics, AI processing)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In case of merger, acquisition, or sale of assets
  • Your Consent: When you explicitly authorize sharing
  • Aggregated Data: Anonymous, non-identifiable data for analytics and research

7. Data Security

We implement industry-standard security measures:

  • Encryption: TLS/SSL encryption for data in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Infrastructure Security: Secure cloud hosting with regular security audits
  • Monitoring: 24/7 security monitoring and incident response
  • Compliance: GDPR, CCPA, and Google API Services User Data Policy compliance

8. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of your data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your account and associated data
  • Export: Download your store data in portable format
  • Opt-Out: Unsubscribe from marketing communications
  • Revoke Access: Disconnect your Google Business Profile at any time

9. Google API Services User Data Policy

✓ Limited Use Requirements

any.market's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

✓ Our Specific Data Handling

Public Data: We use Google Places API (no OAuth) for store previews using publicly available information.

OAuth Data: We use business.manage scope ONLY for: (1) READ menu data unavailable via public API, and (2) WRITE store URL to website field (one-time).

No Storage: Raw OAuth data is transformed on-the-fly and never stored.

No Customer Data: We do NOT access transaction history, customer information, or any private business data beyond menu items.

We commit that we will NEVER:

  • Sell your data to data brokers, advertising platforms, or information resellers
  • Use your data for personalized advertising, retargeting, or interest-based advertising
  • Use your data for credit-worthiness determinations or lending decisions
  • Transfer or use your data for surveillance purposes
  • Train generalized AI or machine learning models using your Google data without explicit consent
  • Allow unauthorized humans to read your data without your explicit consent
  • Share your Google Business Profile data with third parties for their marketing
  • Use customer review data for anything beyond displaying to you

10. Children's Privacy

any.market is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by regulatory authorities
  • Compliance with EU-US and Swiss-US Privacy Shield frameworks where applicable
  • Encryption of data in transit and at rest

12. Cookies and Tracking

✓ Consent Required

We use cookies only with your explicit consent. You can accept or decline cookies when you first visit our platform.

We use cookies for:

  • Essential Cookies: Required for basic functionality (login sessions, security)
  • Preference Cookies: Remember your settings and store customizations

You can control cookies through your browser settings or by updating your consent preferences in your account. Note that disabling essential cookies may affect platform functionality.

13. Third-Party Services

We use the following third-party services:

  • Google APIs: For accessing Google Business Profile data (optional, AI-powered creation only)
  • Cloud Hosting: Secure infrastructure providers for hosting the platform and stores
  • Payment Processors: For handling all payment transactions (vendor subscriptions and end customer purchases)

✓ Payment Processing

We do NOT handle or store payment data. All payment processing is managed by third-party payment processors who handle:

  • Vendor subscription payments (your any.market account)
  • End customer transactions (purchases on your store)
  • All credit card data, billing addresses, and payment information

These payment processors have their own privacy policies and security standards. We never have access to full payment card details.

Each third-party service has its own privacy policy. We carefully vet all providers to ensure they meet our security and privacy standards.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of discovering the breach
  • Provide details about what information was affected
  • Explain the steps we're taking to address the breach
  • Offer guidance on protective measures you can take
  • Notify relevant regulatory authorities as required by law

15. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by businesses
  • Right to opt-out of sale of personal information (we don't sell your information)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at privacy@any.market.

16. European Privacy Rights (GDPR)

If you're located in the European Economic Area, you have rights under the General Data Protection Regulation:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to certain types of processing
  • Rights Related to Automated Decision-Making: Protection against automated decisions

To exercise these rights, contact us at privacy@any.market.

You also have the right to lodge a complaint with your local data protection authority.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top
  • For material changes, we will notify you via email or prominent notice on our platform
  • Continued use of our Services after changes constitutes acceptance

We encourage you to review this policy periodically to stay informed about how we protect your information.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

any.market, Corp.

251 Little Falls Drive

Wilmington, DE 19808

United States

Delaware File Number: 3840142

Email: privacy@any.market

Support: support@any.market

Document Version: 6.0 (Google OAuth Verification Compliant)
Prepared: November 04, 2025
Legal Entity: any.market, Corp. (Delaware C-Corporation)
Delaware File Number: 3840142

By using any.market, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.