Privacy Policy

We collect the following categories of information when you use ShopifyGenie:

**Account Information:** When you register, we collect your name, email address, and any other information you provide during account creation.

**Shopify Store Data:** With your explicit authorization, we access your Shopify store data via Shopify's official read-only API. This includes order history, product catalog, customer purchase data (aggregated, not individual PII beyond what Shopify exposes), inventory levels, and discount usage. We access only what is necessary to provide analytics.

**Usage Data:** We collect information about how you interact with the Service, including queries you submit, features you use, session duration, and error logs.

**Technical Data:** We collect your IP address, browser type, operating system, and device identifiers for security and performance purposes.

We use the information we collect solely to provide and improve the Service:

• To connect to your Shopify store and generate analytics in response to your queries.
• To maintain and improve the accuracy and performance of our AI models (using anonymized, aggregated patterns only).
• To communicate with you about your account, updates, and service-related notices.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with applicable legal obligations.

We do not sell your data. We do not use your store data to train general-purpose AI models accessible to other customers. Your data is processed only to answer your specific queries.

ShopifyGenie connects to your store exclusively through Shopify's Partner API using read-only OAuth scopes. This means:

• We can read your store data but cannot create, modify, or delete any records.
• Access is granted by you and can be revoked at any time through your Shopify admin.
• We query your data in real time as needed to answer your questions.
• We cache query results for a limited time (up to 24 hours) to improve performance.

Your Shopify store credentials are never stored by ShopifyGenie. Authentication is handled entirely through Shopify's OAuth flow.

We implement industry-standard security measures to protect your information:

• All data in transit is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted using AES-256.
• Access to production systems is restricted to authorized personnel and governed by role-based access controls.
• We conduct regular security reviews and vulnerability assessments.
• We maintain incident response procedures and will notify you of any breach affecting your data as required by applicable law.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain your data only as long as necessary to provide the Service and fulfill legal obligations:

• Account information is retained for the duration of your subscription plus 90 days after termination.
• Query logs and cached analytics results are retained for up to 90 days.
• Aggregated, anonymized usage data may be retained indefinitely for product improvement.

Upon account termination, we will delete your personal data and store data within 30 days, unless retention is required by law or legitimate business necessity (such as resolving disputes or enforcing agreements).

You may request deletion of your data at any time by contacting support@shopifygenie.ai.

We use the following categories of third-party services to operate ShopifyGenie:

• **Cloud Infrastructure:** Hosting and data storage providers (e.g., AWS, Vercel) subject to their own security and privacy standards.
• **AI Providers:** Large language model APIs used to process your natural-language queries. Queries may be transmitted to these providers but are not retained for their training purposes under our agreements.
• **Analytics:** Internal usage analytics to understand product performance (anonymized data only).
• **Payment Processing:** Billing providers who process subscription payments under their own privacy policies.

We do not share your Shopify store data with any third party except as necessary to fulfill a query (e.g., sending a query to an LLM provider). All third-party providers are bound by data processing agreements.

We use cookies and similar tracking technologies to operate and improve the Service:

• **Essential cookies:** Required for authentication and session management. Cannot be disabled.
• **Performance cookies:** Used to understand how users interact with the Service (anonymized). You may opt out via your browser settings.
• **Preference cookies:** Store your settings and preferences across sessions.

We do not use third-party advertising cookies or track you across other websites for advertising purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• **Access:** Request a copy of the personal data we hold about you.
• **Rectification:** Request correction of inaccurate or incomplete data.
• **Erasure:** Request deletion of your personal data ("right to be forgotten").
• **Restriction:** Request that we limit how we process your data.
• **Portability:** Request your data in a structured, machine-readable format.
• **Objection:** Object to processing based on legitimate interests.
• **Withdraw Consent:** Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at support@shopifygenie.ai. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

The Service is intended for use by adults operating Shopify stores. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete that information promptly.

If you believe we may have collected data from a child, please contact us at support@shopifygenie.ai.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or by displaying a prominent notice within the Service at least 14 days before the changes take effect.

The date at the top of this page reflects when this Policy was last updated. We encourage you to review this Policy periodically.

Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the changes.