Privacy Policy

Last updated: 2026-05-01

1. Who we are

Woodpigeon Inc. ("we", "our", "us") operates SeedPeep, a creator-seeding tool for Shopify merchants. This policy explains what data we collect, how we use it, and the rights you have over it.

2. Information we collect

When you use SeedPeep, we collect:

• Account information. Your name, email, and Shopify store domain when you sign in via Shopify OAuth.
• Shopify store data. Product titles, variants, orders, and metaobjects necessary to generate creator pitches and attribute sales. Accessed via OAuth tokens you grant us.
• Gmail OAuth tokens (if you connect Gmail). Access and refresh tokens that let SeedPeep send pitch emails on your behalf. We store these tokens encrypted at rest. We never read messages from your inbox.
• Public TikTok data. Creator handles, follower counts, bios, and post metadata fetched from TikAPI for creator discovery. This is data TikTok exposes publicly; we do not access private creator data.
• Operational data. Pitch drafts you generate, gift orders you create, post-performance metrics for tracked creator posts, and click-through events on creator tracking links.

3. How we use information

• To run the SeedPeep service: discover creators, generate pitches, send those pitches via your connected sender, attribute revenue.
• To send transactional emails about your account (e.g., post-detected notifications, system alerts).
• To improve the product (aggregated, non-identifying analytics).

We do not sell your data, share it with advertisers, or use it to train AI models on your behalf without your explicit opt-in.

4. Google API Services User Data — Limited Use Disclosure

SeedPeep's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when you connect a Gmail account to SeedPeep:

• We use the gmail.send scope solely to send pitch emails to creators on your behalf, at your direction.
• We use the gmail.metadata scope solely to detect when creators reply to those pitch emails. We read only message metadata (sender address, timestamp, thread ID, and message labels) within threads SeedPeep originated, so we can auto-halt outreach sequences once a creator has replied. We do not access message bodies, attachments, or threads SeedPeep did not originate through this scope.
• We do not read, store, or analyze the content of messages in your Gmail inbox.
• We do not use Gmail data for advertising, profiling, or any purpose other than the user-facing feature you connected the account for.
• We do not allow humans (including our staff) to read Gmail data, except where you have given us explicit permission for support, where required for security purposes (e.g. abuse investigation), or where required by law.
• We do not transfer Gmail data to third parties except as necessary to deliver the SeedPeep service (e.g., the Google API itself), to comply with applicable law, or as part of a merger/acquisition with equivalent privacy protections.

5. Third-party services we use

SeedPeep relies on the following providers, each of which receives only the data necessary for their function:

• Shopify — store data, OAuth, draft order creation.
• Google (Gmail API) — sending pitch emails, only when you connect Gmail.
• Resend — transactional system emails (waitlist confirmations, post-detected alerts).
• Anthropic — generating personalized pitch text from product and creator context. Your data is not used to train Anthropic's models.
• TikAPI — discovering public TikTok creators by keyword.
• Railway / PostgreSQL — hosting and database.

6. Data retention

We retain account, store, and operational data for as long as your account is active. You may request deletion at any time by emailing [email protected]. Gmail OAuth tokens are deleted immediately when you disconnect your Gmail account in SeedPeep.

7. Your rights

You can:

• Request a copy of the data we hold about you.
• Request correction or deletion of your data.
• Withdraw consent for any optional integrations (e.g., disconnect Gmail).
• Uninstall the SeedPeep app from your Shopify store, which terminates our access to your store data.

To exercise any of these, email [email protected].

8. Security

OAuth tokens and other secrets are encrypted at rest. All connections to SeedPeep are served over HTTPS. We follow industry best practices for credential storage and access control, but no system is perfectly secure — if you become aware of a vulnerability, please report it to [email protected].

9. Changes to this policy

We may update this policy as the product evolves. Material changes will be posted here and, where appropriate, communicated via email. The "Last updated" date at the top of this page reflects the latest revision.

10. Contact

Questions or requests: [email protected]