Privacy Policy for ShopAgent AI
Last updated: June 21, 2025
1. Information We Collect
- From Shopify APIs: Product catalog and order metadata—only data needed to power our chatbot.
- From merchants: We do not collect personal data directly.
- From end‑customers: We do not track visitors and set no cookies or analytics.
2. How We Use Data
- To answer product questions in real time.
- To provide relevant product suggestions during chat sessions.
- We never use data for advertising, profiling, or share it with third parties.
3. Data Storage & Retention
- Data is encrypted in transit (TLS) and at rest.
- Information is retained only while the merchant uses ShopAgent AI.
- All data is deleted automatically within 30 days of app uninstallation.
4. International Data Transfers
Our servers are located in the European Union. Transfers outside the EU leverage Standard Contractual Clauses (SCCs) to ensure GDPR compliance.
5. Merchant & Customer Rights
Merchants and their customers may:
- Request access, correction, or deletion of their data.
- Opt out of automated features by contacting us.
6. Security Measures
- All traffic is served over HTTPS.
- API tokens are rotated regularly and stored using environment secrets.
- Internal staff access is restricted and logged.
7. Compliance & Legal Basis
We subscribe to Shopify’s mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact) and respond per Shopify’s guidelines. Our processing of personal data is based on the merchant’s consent and contractual necessity.
8. Contact & Further Resources
If you have questions about this policy, email us at [email protected].