Privacy Policy

Last Updated: April 6, 2026

1. Introduction

This Privacy Policy describes how Shopify Agent ("we", "our", "the App") collects, uses, stores, and protects information when you install and use our application through the Shopify App Store. This policy applies to both merchants who install the App and their end customers who interact with the chat widget.

By installing or using Shopify Agent, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Data from Shopify (Merchant Data)

When a merchant installs the App, we request the following OAuth scopes:

ScopeData AccessedPurpose
read_productsProduct titles, descriptions, pricing, variants, images, tagsBuild AI knowledge base for product recommendations and Q&A
read_ordersOrder numbers, status, fulfillment state, shipping addresses, line itemsOrder tracking, refund eligibility evaluation
write_ordersOrder cancellations, refund creationProcess approved refunds and cancellations
read_customersCustomer email addresses (linked to order lookups only)Verify identity for refund and order modification requests
read_contentStore policies (refund, privacy, terms, shipping)Power policy-aware AI responses

We adhere to the principle of minimal data access and only request scopes strictly necessary for the App's functionality.

2.2 Customer Interaction Data

When an end customer uses the chat widget, we collect:

2.3 Technical Data

2.4 Data We Do NOT Collect

3. How We Use Your Data

DataUseLegal Basis
Products and policiesBuild and maintain AI knowledge baseLegitimate interest (contract performance)
Order dataVerify order status, evaluate refund eligibilityContract performance
Customer emailIdentity verification for sensitive operationsLegitimate interest (fraud prevention)
Chat messagesGenerate AI responses, maintain contextContract performance
Satisfaction ratingsAggregate analytics for merchantsLegitimate interest
IP addressesRate limiting to prevent abuseLegitimate interest (security)

4. Data Storage and Security

5. Data Retention and Deletion

Data TypeRetentionDeletion Trigger
In-memory conversations2 hoursAutomatic TTL eviction
Persisted chat sessions30 daysAutomatic scheduled purge
Knowledge baseUntil uninstallapp/uninstalled or shop/redact webhook
OAuth sessionsUntil uninstallapp/uninstalled or shop/redact webhook
Analytics dataUntil uninstallshop/redact webhook
Refund historyUntil uninstall or customer redactcustomers/redact or shop/redact
Support ticketsUntil uninstall or customer redactcustomers/redact or shop/redact
Billing recordsUntil uninstallshop/redact webhook

5.1 Data Retention Policy

Chat conversations are automatically deleted after 30 days. All other merchant data is retained only for the duration of the app installation. We do not retain any data beyond what is necessary for the App's operation.

5.2 Uninstallation

When a merchant uninstalls the App, all stored data is permanently deleted within 48 hours. Upon receiving Shopify's shop/redact webhook, the following data is immediately and irrevocably deleted in a single database transaction: knowledge base entries, chat sessions, OAuth tokens, analytics data, refund history, support tickets, billing usage records, billing subscriptions, and shop configuration.

5.3 Customer Data Deletion

Individual customer data can be deleted via the customers/redact webhook. This removes all chat sessions, refund history, and anonymizes any analytics records associated with the customer's email address. Ticket records are anonymized by removing the customer email while preserving aggregate data for the merchant.

6. GDPR Compliance

We fully support Shopify's mandatory GDPR webhooks. All operations are processed within 48 hours of receipt, as required by Shopify.

WebhookAction
customers/data_requestExports all stored data for the requested customer in JSON format, including chat sessions, refund history, and satisfaction ratings
customers/redactPermanently deletes all data associated with the customer's email (chat sessions, refund history) and anonymizes analytics records. Executed in a single database transaction.
shop/redactPermanently deletes all data for the shop (knowledge base, chat sessions, OAuth tokens, analytics, refund history, tickets, billing records, shop configuration). Executed in a single database transaction.

Data Collected and Purposes

Data CategoryWhat We CollectWhyRetention
Chat MessagesMessage content, session ID, timestampsProvide AI-powered customer support30 days
Customer EmailEmail address (when voluntarily provided)Identity verification for refunds/order changes30 days (with chat session)
Satisfaction Ratings1-5 star rating per sessionMerchant analytics dashboardUntil uninstall
Refund HistoryOrder ID, amount, decision, emailFraud prevention and audit trailUntil uninstall
Product DataTitles, descriptions, pricing, variantsAI knowledge base for product Q&AUntil uninstall
Store PoliciesRefund, privacy, terms, shipping policiesPolicy-aware AI responsesUntil uninstall

Data Subject Rights

Under the GDPR, individuals have the following rights:

Merchants should use the Shopify admin panel to initiate GDPR requests. End customers should contact the merchant directly, who can then process the request through Shopify.

A verified privacy contact must be configured before production activation. This public preview does not collect personal data.

7. Third-Party Services

Anthropic (Claude AI)

Customer chat messages and store data are shared with Anthropic to generate AI responses. Anthropic does not use API inputs/outputs to train models. Subject to Anthropic's Privacy Policy.

AfterShip

Order tracking numbers and carrier information are shared for real-time shipment tracking. This integration is optional. Subject to AfterShip's Privacy Policy.

Shopify

OAuth tokens are exchanged with Shopify's API for core integration. Governed by Shopify's Privacy Policy.

We do not share data with advertising networks, data brokers, or analytics platforms.

8. Cross-Border Data Transfers

The App processes data on the server where it is deployed. Data shared with Anthropic may be processed in the United States. For merchants in the EEA, we rely on Standard Contractual Clauses (SCCs) for transfers outside the EEA.

9. Children's Privacy

The App is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy questions or data rights requests:

For unresolved privacy complaints, you may contact your local data protection authority.