AI you can trust with your money.
Updated June 11, 2026
The short version: Your numbers stay yours. Every account is completely walled off from every other. We never train AI on your data, never sell it, never share it. Export or delete everything in one click. For the legally binding version, read our Privacy Policy.
Your numbers belong to your business.
Ecom Forward is a tool you rent — not a service that consumes your data in exchange for “free” features.
- Export everything, anytime. One click in your account downloads every record we hold for you. No support ticket required.
- Delete everything, anytime. Owners can wipe the account with a 30-day grace window. Team members can self-remove instantly.
- You own your integrations. Connecting Shopify or any ad platform authorizes us to READ your data — never to change it without your explicit action. Disconnect anytime from your Stores page.
- No long-term commitments. Cancel in two clicks from your account. No email-the-team friction. No “contact us to downgrade” trap.
Each account is walled off from every other.
The database refuses to return another customer's data to your query. It isn't a policy or a code review — it's a structural lock. That's the difference between “we promise” and “it can't happen.”
- Everything is encrypted in transit and at rest.
- Magic-link sign-in — no password to leak or reuse.
- Your tokens stay server-side; team members can sync data without ever seeing the credentials.
- Custom team roles let you give each person (your accountant, your agency, your VA) exactly the right slice — and nothing more.
Commitments, not features.
These are what we refuse to do, regardless of business pressure.
- Never train AI on your data. When Ford writes a summary or generates a listing, the prompt covers that one call. The model providers we use don't retain prompts for training — and we have a written agreement saying so.
- Never sell your data. Not aggregated, not anonymized, not in any form. No “data partner” relationships, ever.
- Never share with third parties beyond the infrastructure providers below.
- Never plant tracking pixels on your customers. We read official APIs only. Your customers are your customers.
- Never read your data “by hand” — except when you give explicit consent for support, when required by law, or to investigate a confirmed security incident. Even then, only the minimum needed.
- Never lock you in. Your data exports cleanly the moment Ecom Forward stops being right for you.
Where your data goes.
We use these companies to deliver the service. Each is bound by a Data Processing Addendum.
- Supabase — database + authentication + storage. United States. Your data lives here.
- Vercel — application hosting. United States. Your data passes through, never stored.
- Stripe — payment processing. United States. We never see your full card.
- Resend — transactional email. United States. Only the address and email body.
- Anthropic / ElevenLabs / Google AI — Ford's brain, voice, and image generation. United States. Each call sends the prompt for that one call only — no retention for training.
- Upstash — rate limiting (anti-abuse). United States. Only request metadata, never your business data.
- Recall.ai — meeting recording + transcription, for the optional Meeting Notetaker only. United States. Used solely when you turn it on and accept the terms — see “Meeting recordings” below.
EU/UK customers: data transfers between the EU and the US run on Standard Contractual Clauses, the lawful mechanism under GDPR. Full details in our Privacy Policy.
Ford only records meetings with your explicit consent.
The Meeting Notetaker is optional and off by default. It does nothing until you turn it on and accept the recording terms — and even then, here's the deal:
- Off until you opt in. No meeting is ever recorded unless you've explicitly enabled recording and accepted the terms. You can turn it off in one click, and recording stops immediately.
- Ford joins in plain sight. The bot appears as a clearly named participant, “Ford Notetaker,” and posts a message in the meeting so nobody is recorded secretly.
- You handle attendee consent. As the host you're responsible for getting the consent your local laws require (many places — including the EU and several US states — require everyone's consent). We make the recording visible; getting consent is your call, and you confirm you will before you switch it on.
- Read-only calendar, if you connect one. Optionally connect your Google Calendar so Ford joins your scheduled meetings automatically. We use read-only access — only your meeting times and join links — so we can join on schedule. We can't edit your calendar or read your email, you can pause auto-join or disconnect anytime, and it's off until you set it up.
- Only you see your meetings. Your recordings, transcripts, and notes are private to you — not your teammates, and not us by hand.
- Never used to train AI. Transcripts are summarised by a single isolated model call and nothing more. We don't train on them, sell them, or share them.
- Deleted on a clock. Recordings and transcripts auto-delete after 90 days, and you can delete any meeting (and its copy at Recall.ai) yourself anytime.
Every figure traces to a source you can verify.
No black-box attribution. No proprietary maths. If a number is on your screen, it came from somewhere you can check.
- Revenue comes from Shopify's Orders API — the same figure you see in Shopify Admin.
- Ad spend comes from each platform's reporting API — the same figure each ad manager shows.
- Email revenue comes from Klaviyo's “Placed Order” metric, attributed the same way Klaviyo does it.
- COGS is what YOU type in Catalog. We never guess.
- Refunds, discounts, tax, shipping all come from the Shopify order detail, broken out so you can see exactly what's being subtracted.
- Override anything. Click any cell in Daily Profit to edit it. The change is recorded with timestamp and who did it.
Trust but verify, on the people on your account.
Every meaningful action — edits to financial data, team-member changes, integration connections, role changes, plan changes — is recorded so you can see who did what, when. Searchable, filterable, exportable. Visible to owners and admins.
This is what makes Ecom Forward safe to share with your team. If your bookkeeper edits a P&L line, you see it. If your agency disconnects an integration, you see it.
What we don't have yet.
We're early. Some institutional trust signals come with time, revenue, and customer demand. Here's what we don't have today and what we'll add when it makes sense:
- SOC 2 Type II report. A third-party audit of our security controls. We'll pursue it when an enterprise customer needs it. The controls listed above are real — just not externally audited yet.
- Public uptime status page. We monitor uptime internally; we'll publish a public status page within the next 6 months.
- Independent security audit. Planned for after $300k ARR. Until then, the codebase is security-reviewed on every change.
- EU-only data residency. Our hosting is in the US under Standard Contractual Clauses. EU-only is on the roadmap but not yet available.
We surface these honestly because pretending to be enterprise-grade when we're not is a worse trust signal than saying what we are: a small, focused team with strong structural commitments and a path to the rest.
Email us anything.
Email info@ecomforward.io with anything — security questions, DPA requests, data-deletion clarifications, or just “is this real?” The founder responds directly.