Privacy Policy
Konvarr (a product of RunMyStore AI LLC, a US limited liability company) · Effective 2026-05-01 · Version 2.1
1. Who we are
Konvarr is a financial-visibility tool for small US ecommerce merchants. We operate as RunMyStore AI LLC (the "legal entity," "we," "our") and present the product to merchants under the brand name "Konvarr."
2. What this policy covers
This policy describes how Konvarr handles merchant data and our extremely limited handling of any incidental personal data we encounter via merchant-authorized third-party connections (Shopify, Etsy, Stripe, Plaid, etc.).
3. What we collect, store, and do NOT store
What we DO store (minimal)
| Data | Form | Purpose |
|---|
| OAuth tokens / API keys for the merchant's authorized third-party connections (Plaid, Shopify, Etsy, Stripe, etc.) |
Encrypted at rest with Fernet AES-256; encryption key held only in environment variable, never database |
Connect to merchant-authorized data sources on the merchant's behalf |
| Merchant account record (UUID, tier, timestamps, optionally email for support contact) |
Database |
Identify which merchant a session belongs to |
| Bearer token hashes (one-way) |
Database |
Validate MCP session tokens |
| Application logs |
PII-redacted at write time, rotated per system defaults |
Operational debugging |
What we DO NOT store
- No customer PII. Names, emails, phone numbers, addresses, IPs of merchants' end customers — stripped at ingest before any persistence.
- No bank account numbers, no routing numbers, no card numbers, no bank login credentials. When a merchant connects their bank via Plaid Link, the bank-credential exchange happens entirely between the merchant and Plaid in the merchant's browser. Konvarr only ever receives an opaque
access_token (which is itself encrypted before storage).
- No persistent transaction data, no persistent order data, no persistent ad spend, no persistent balance information. Konvarr operates on-demand: when the merchant requests a close-out memo, we fetch fresh data from each connected source, compute the memo, return it, and drop the raw data from memory.
- No identity-verification data. We do not request Plaid's Identity, Identity Match, Income, Assets, or Investments products.
- No payment instrument data. We do not initiate ACH or any money movement. We do not request Plaid's Auth product.
4. Where data flows
When a merchant requests a close-out memo, the following parties may briefly handle merchant data:
| Sub-processor | Role |
|---|
| Anthropic, PBC | Generates the natural-language memo from pre-computed financial findings (we feed it aggregated, PII-stripped numbers) |
| Plaid Inc. | Provides bank transaction data on the merchant's authorization |
| Shopify Inc. | Provides order and payout data on the merchant's authorization |
| Stripe, Inc. | Provides charge, payout, and dispute data when the merchant connects Stripe |
| Etsy Inc. | Provides order, fee, and ad-spend data when the merchant connects Etsy |
| Hosting provider | Operates the Konvarr server |
| PostgreSQL provider | Stores the encrypted tokens and minimal account records |
A complete list with locations and links is in our Sub-processor List, available on request to contact@konvarr.com.
5. How we secure data
- TLS 1.2+ for all data in transit
- Fernet AES-256 encryption for all stored tokens; key in environment variable, never database
- Per-merchant credential isolation — no cross-merchant data access by design
- PII redaction at ingest and again at log-write time
- Scope minimization on every integration (Plaid: Transactions only; never Auth/Identity)
- Rate limiting and webhook signature verification on every external endpoint
- 24-hour breach notification commitment to data controllers (the merchants), 72-hour regulatory notification per GDPR
A standalone Information Security Policy documents the full set of controls and is available on request.
6. Merchant rights
Merchants can at any time:
- Disconnect any source. Konvarr immediately revokes the relevant access token; no further data is fetched. Any cached data is dropped.
- Delete their account. Triggers full deletion of all encrypted tokens and the account record. Confirmation within 30 days.
- Export their data. Konvarr returns the merchant's stored records (mostly: which sources are connected and timestamps). Since we don't persist transaction data, there is little to export.
- Object to processing or restrict use. Contact contact@konvarr.com.
- Lodge a complaint with their relevant supervisory authority (state AG in the US, DPA in the EU/UK).
7. Plaid-specific terms
When a merchant connects their bank via Plaid:
- Plaid is a sub-processor. Plaid's own privacy policy and end-user services agreement apply to Plaid's collection of bank-login credentials. See plaid.com/legal.
- Konvarr never sees the merchant's bank login. That happens between merchant and Plaid in the merchant's browser via Plaid Link.
- Konvarr only stores the encrypted Plaid
access_token for the merchant's authorized item(s). This token grants read-only access to transactions and balances for the accounts the merchant explicitly selected during Plaid Link.
- Konvarr does not initiate ACH, transfers, or any money movement. We do not request Plaid's Auth product. We are read-only.
- Merchant can revoke at any time by disconnecting in Konvarr, which triggers Plaid
/item/remove and deletion of the encrypted access_token.
8. Children
Konvarr is sold to and used by businesses. We do not knowingly collect data from children under 16. If we learn that we have, we delete it.
9. Changes
Material changes to this policy are emailed to merchants 30 days before they take effect. Minor changes (clarifications, formatting) are published with the date below.
10. Contact