This page is currently available in English and French only. Use the switcher above to pick your preferred version.

Privacy Policy

Last updated: 2 May 2026

1. Controller

CleanINCI is a Shopify app operated by A&N Advisory. Contact: support@inci.unlawck.fr.

2. Data we collect

• Shopify shop identifiers: shop domain, offline access token, product GIDs.
• INCI formulas entered by the merchant: ingredient list and concentrations.
• Preferences: enabled storefront languages, regulatory notification email, hashed public API key.
• Audit trail retained for 10 years to satisfy Article 11 of EU Regulation 1223/2009 (PIF).

We do not collect or store any personal data of the merchant's end customers. No customer name, email, address, cart or order is read or transmitted.

3. Hosting and subprocessors

Hosted on Fly.io in the CDG (Paris) region. All data is stored within the European Union. No transfer outside the EU.

4. Retention

• Active store data: lifetime of the subscription.
• PIF audit trail: 10 years from the last placement on the market (EU Regulation 1223/2009 Article 11).
• Uninstall: full erasure 48 hours after uninstall via the GDPR shop/redact webhook.

5. Merchant rights (GDPR)

You may at any time access, rectify, erase, or export your data and object to email notifications. Email support@inci.unlawck.fr. We respond within 30 days.

6. Security

All traffic uses HTTPS. Public API keys are stored as SHA-256 hashes only. The database is encrypted at rest by Fly.io.

7. Updates

We may update this policy. Material changes will be notified by email to merchants who provided a contact address.

Terms of service · Help center · App