Privacy Policy

1. Introduction

ShopPilot ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our Shopify app for AI-powered customer service automation.

2. Information We Collect

2.1 Store Information:

• Shop domain (e.g., yourstore.myshopify.com)
• OAuth access token (to interact with your Shopify store)
• OAuth scopes granted (permissions you authorize)

2.2 Customer Interaction Data:

• Customer email addresses
• Email subject lines and message content
• Inquiry types and AI-generated responses
• Interaction timestamps and status

2.3 Usage Data: We may collect analytics data about how you use the app, including page views, features used, and performance metrics.

3. How We Use Your Information

• To provide AI-powered customer service automation
• To classify customer inquiries and generate responses
• To display interaction history in your dashboard
• To improve our AI models and service quality
• To send transactional emails related to app functionality
• To comply with legal obligations

4. Data Storage and Security

4.1 Storage: Your data is stored in a secure PostgreSQL database hosted on Neon (neon.tech) with encryption at rest and in transit.

4.2 Access: Access to your data is restricted to authorized personnel and systems necessary to provide the service.

4.3 Retention: We retain your data for as long as your shop is installed and active. Customer interaction data is retained indefinitely for analytics purposes unless you request deletion (see Section 7).

5. Third-Party Services

We use the following third-party services:

• Shopify: For OAuth authentication and API access
• OpenAI/Anthropic: For AI-powered inquiry classification and response generation
• Polsia Email Proxy: For sending automated email responses
• Stripe: For payment processing (if applicable)
• Neon: For database hosting
• Render: For application hosting

These services have their own privacy policies and data processing agreements. We recommend reviewing their policies.

6. Data Sharing

We do not sell, trade, or rent your data to third parties. We may share data with:

• Service Providers: Third-party services necessary to operate the app (listed in Section 5)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets

7. Your Rights (GDPR Compliance)

You have the right to:

• Access: Request a copy of your data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Data Portability: Request your data in a machine-readable format
• Object: Object to processing of your data
• Withdraw Consent: Withdraw consent for data processing at any time

8. GDPR Webhooks (Shopify)

We comply with Shopify's GDPR requirements by implementing the following webhooks:

• customers/data_request: Returns all data we store for a specific customer
• customers/redact: Deletes all data for a specific customer within 30 days
• shop/redact: Deletes all data for your shop within 48 hours of uninstallation

Store owners can trigger these requests through Shopify's admin interface.

9. Children's Privacy

Our app is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: shoppilot@polsia.app
• Support: For Polsia platform issues, email support@polsia.com