Introduction

OnAnthem ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

Information We Collect

Information You Provide

Account Information

Name, email address, password, company name, and contact details when you create an account

Business Information

Merchant or partner business details, tax information, and payment details

Communications

Information you provide when contacting support or providing feedback

Buyer Information

When you make a purchase through the OnAnthem checkout experience (including checkout widgets embedded on partner websites), we collect:

Contact Information

Name, email address, and phone number

Shipping Address

Street address, city, state, postal code, and country

Payment Information

Payment details are collected and processed directly by Stripe. OnAnthem does not store your full card number.

Order Information

Products purchased, quantities, prices, and transaction details

Information from Third-Party Integrations

When you connect third-party services (such as Shopify), we collect:

Product Data

Product names, descriptions, images, prices, variants, and inventory levels

Order Data

Order numbers, dates, line items, prices, discounts, taxes, and fulfillment status

Customer Data

Customer names, email addresses, phone numbers, and shipping/billing addresses associated with orders

Automatically Collected Information

  • Device information and browser type
  • IP address and general location
  • Usage patterns and interactions with the Service
  • Log data and analytics

Page Context from Embedded Widgets

When you visit a website that has installed the OnAnthem checkout widget, our embed script may collect contextual information from the page to provide relevant product recommendations. This includes:

  • Page title, headings, and visible text content
  • Meta tags, Open Graph data, and structured data (such as Schema.org markup)
  • Image URLs and descriptive text
  • The URL of the page where the widget is displayed

This information describes the content of the web page, not the individual viewing it. It is used solely for contextual product matching and is not combined with personal data to build user profiles or track browsing activity across sites. Page analysis results are cached by URL so that the same page is not processed repeatedly.

How We Use Your Information

We use the collected information for the following purposes:

Store Management

  • Syncing and displaying orders in merchant dashboards
  • Tracking order fulfillment and status
  • Managing product catalogs and inventory
  • Generating sales reports and analytics

App Functionality

  • Processing orders placed through partner storefronts
  • Calculating and distributing commissions
  • Facilitating communication between merchants and partners
  • Providing customer support

Contextual Product Recommendations

  • Analyzing page content where the widget is displayed to understand the context of the page
  • Using automated systems, including third-party AI services, to match page context with relevant products from merchant catalogs
  • Caching page analysis results to improve performance and reduce redundant processing

Service Improvement

  • Analyzing usage patterns to improve the platform
  • Debugging and fixing technical issues
  • Developing new features

Data Sharing and Disclosure

We do not sell your personal data. When you make a purchase through OnAnthem, your information is shared with the parties necessary to complete and support your transaction:

Merchants (Sellers)

Your name, shipping address, email, phone number, and order details are shared with the merchant who fulfills your order. Merchants need this information to process, ship, and support your purchase.

Partners (Creators and Affiliates)

Order details and limited buyer information may be shared with the partner whose storefront or content led to the purchase. This is used for commission tracking and may be used for marketing communications, subject to applicable opt-out rights.

Stripe (Payment Processing)

Your payment information is collected and processed directly by Stripe. OnAnthem does not store your full payment card details.

OnAnthem (Platform Operations)

We use your information to facilitate orders, provide customer support, prevent fraud, improve the platform, and comply with legal obligations.

We may also share information in the following circumstances:

  • Service Providers: We use third-party services (hosting, analytics, email delivery) that may process data on our behalf under contractual obligations to protect your information
  • Legal Requirements: We may disclose information if required by law, legal process, or to protect the rights, property, or safety of OnAnthem, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction

Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

  • Essential Cookies: Required for the Service to function, including session management, authentication, and checkout functionality
  • Analytics: We may use analytics tools to understand how users interact with the platform and to improve our services
  • Third-Party Cookies: Some third-party services we integrate with (such as Stripe) may set their own cookies as necessary to provide their services

Most web browsers allow you to control cookies through their settings. Disabling certain cookies may limit your ability to use some features of the Service, including the checkout experience.

Advertising and Marketing

We may use your information, or enable merchants and partners to use your information, for marketing purposes including:

  • Transactional Communications: Order confirmations, shipping updates, and other messages related to your purchase
  • Merchant Communications: Merchants may use your contact information to communicate about your order or their products, subject to their own privacy practices
  • Partner Marketing: Partners may use limited information from your transaction for marketing communications, subject to applicable laws and your opt-out rights
  • Contextual Recommendations: Our widget may display product recommendations based on the content of the page where it is embedded. These recommendations are contextual — they are based on page content, not on your browsing history, personal profile, or activity across other websites
  • Retargeting and Personalization: We or our partners may use advertising identifiers, cookies, or similar technologies to show you relevant content or ads based on your interactions with the platform

You may opt out of marketing communications at any time by following the unsubscribe instructions in any marketing email, or by contacting us at support@onanthem.com. Opting out of marketing communications does not affect transactional messages related to your orders.

Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption

Data is encrypted in transit (TLS/HTTPS) and at rest

Access Controls

Role-based access controls limit who can access personal data

Token Security

Third-party access tokens are encrypted before storage

Audit Logging

We maintain logs of access to sensitive data

Regular Backups

Data is backed up regularly with encrypted backups

Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

Account Data

Retained while your account is active and for a reasonable period after deletion

Order Data

Retained for the period required by tax and accounting laws in your jurisdiction (typically 7 to 10 years)

Analytics Data

Aggregated and anonymized data may be retained indefinitely

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Opt-Out: Opt out of certain data processing activities
  • Withdraw Consent: Withdraw consent where processing is based on consent

How We Handle Your Requests

When you request a copy of your data, we'll prepare a structured export of the orders, account information, and contact details we hold for you, and email it to the merchant you ordered from so they can deliver it to you.

When you request deletion of your data, we'll anonymize your name, email, phone number, and address from your order records. We're required to keep some financial information about the transaction itself (amounts, taxes, dates) to comply with tax and accounting laws, but anything that personally identifies you is removed.

When a merchant uninstalls OnAnthem from their store, we automatically remove their store's information from our systems within the timeframe required by Shopify and applicable law.

Most requests are fulfilled within a few business days.

To make any of these requests, contact us at legal@onanthem.com.

If You've Shopped with Multiple Merchants or Partners

When you make a purchase on OnAnthem, your information is held by both the merchant who fulfills your order and the partner whose storefront introduced you to the product. These are independent businesses, and your data is stored separately for each relationship.

If you ask one merchant or partner to delete your data, we'll remove your information from their records — but data held by the others stays in place unless you ask them too.

The simplest way to request a complete deletion across every merchant and partner you've interacted with on OnAnthem is to email legal@onanthem.com. We'll coordinate the full redaction on your behalf.

Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

Shopify

View Shopify Privacy Policy

Stripe

View Stripe Privacy Policy

Supabase

View Supabase Privacy Policy

Anthropic

Page content may be processed by Anthropic's AI services to generate contextual product recommendations. No personal data is sent — only page content such as text, headings, and metadata.

View Anthropic Privacy Policy

International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

legal@onanthem.com

California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know: Request what personal information we collect, use, disclose, and sell or share
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale or Sharing: Opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising
  • Right to Limit Use of Sensitive Information: Limit the use and disclosure of sensitive personal information to what is necessary to provide the Service
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

We do not sell personal information as defined by the CCPA. When buyer information is shared with merchants or partners for order fulfillment, commission tracking, or marketing purposes, this may constitute "sharing" under the CPRA. You may opt out of such sharing by contacting us at legal@onanthem.com. We also honor Global Privacy Control (GPC) signals sent by your browser.

GDPR Compliance

For users in the European Economic Area (EEA), we process personal data based on the following legal bases:

Contract

Processing necessary to provide the Service

Legitimate Interests

Processing for fraud prevention, security, and service improvement

Legal Obligation

Processing required by law

Consent

Where you have provided explicit consent