Privacy Policy

2. Information We Collect

2.1 Store Information

When you install our app, we collect:

• Shop domain and store name
• Store ID and access tokens (encrypted)
• Store owner email address
• Store configuration and preferences
• Billing and subscription information

2.2 Customer Data

To provide our AI-powered marketing services, we process:

• Customer email addresses
• Customer names and contact information
• Order history and purchase data
• Cart abandonment events
• Customer browsing behavior (via theme extension)
• Email engagement metrics (opens, clicks)

2.3 Analytics Data

We collect aggregated analytics to improve our service:

• Campaign performance metrics
• Revenue attribution data
• AI decision effectiveness
• App usage statistics

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide AI-powered abandoned cart recovery and email marketing automation
• Personalization: To personalize email content and timing based on customer behavior
• Analytics: To measure campaign effectiveness and provide insights
• AI Training: To improve our AI models (using anonymized, aggregated data only)
• Billing: To process payments and manage subscriptions
• Support: To provide customer support and respond to inquiries
• Compliance: To comply with legal obligations and Shopify requirements

4. Data Storage and Security

4.1 Data Storage

• PostgreSQL database with encryption at rest
• Redis cache for temporary data (encrypted)
• Data stored in secure, SOC 2 compliant data centers
• Regular automated backups with encryption

4.2 Security Measures

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• OAuth 2.0 for secure Shopify authentication
• HMAC signature verification for webhooks
• Regular security audits and penetration testing
• Role-based access control (RBAC)
• IP whitelisting and rate limiting

5. Third-Party Services

We use the following third-party services to provide our app:

• Shopify: For store integration and data access
• OpenAI: For AI-powered content generation (data is not used to train OpenAI models)
• Amazon SES: For email delivery
• Supabase: For database hosting
• Redis Cloud: For caching
• Vercel: For application hosting

All third-party services are vetted for security and compliance. We only share data necessary to provide our services.

6. Data Retention

We retain data for the following periods:

• Active Stores: Data retained while app is installed and for 30 days after uninstall
• Analytics Data: Anonymized and retained for up to 2 years for product improvement
• Email Logs: Retained for 90 days for deliverability monitoring
• Billing Records: Retained for 7 years for tax and accounting purposes

Upon uninstall, all customer PII is deleted within 48 hours as required by Shopify. Aggregated, anonymized analytics may be retained.

7. Your Rights and Choices

7.1 Merchant Rights

As a merchant using our app, you have the right to:

• Access all data we store about your store
• Request deletion of your store data
• Export your data in a machine-readable format
• Update or correct inaccurate information
• Opt-out of non-essential communications

7.2 Customer Rights (GDPR/CCPA)

Your customers have the following rights regarding their data:

• Right to Access: Request a copy of their personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of their personal data
• Right to Object: Object to processing for marketing purposes
• Right to Data Portability: Receive data in a portable format

We automatically process customer data requests through Shopify's GDPR webhooks within the required timeframes.

8. Marketing and Communications

We respect your customers' communication preferences:

• All marketing emails include an unsubscribe link
• Unsubscribe requests are processed within 24 hours, well within the 10 business days required by CAN-SPAM
• We honor Shopify's marketing consent preferences
• Customers can manage preferences through our preference center

9. International Data Transfers

Your data may be transferred to and processed in countries outside of your residence, including the United States. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where applicable
• Data Processing Agreements with all subprocessors

10. Children's Privacy

Our app is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last Updated” date. For significant changes, we will provide additional notice through the app or via email.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

13. GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR):

• We act as a Data Processor for your customer data
• You act as the Data Controller
• We have implemented appropriate technical and organizational measures
• We maintain records of processing activities
• We notify you of any data breaches within 72 hours

Our Data Processing Agreement is available upon request.

14. Shopify Partner Program Compliance

As a Shopify Partner, we adhere to the Shopify Partner Program Agreement and all applicable Shopify policies, including the API Terms of Service.