Merchant Copilot ("we", "our", or "the app") is a Shopify application that provides an AI-powered chat widget for Shopify storefronts. This Privacy Policy explains what information we collect, how we use it, and your rights.
1. Information We Collect
When a merchant installs Merchant Copilot, we collect and store:
Shop domain and OAuth access token — required by Shopify to authenticate Admin API requests on your behalf. Stored in our database.
Product information — titles, descriptions, variants, and prices fetched from your Shopify store via the Admin API. Used to answer shopper questions. Stored as text chunks in our database.
Usage counts — number of chat conversations per billing cycle, used to enforce plan limits and generate billing records.
Billing plan selection — which subscription tier (Free, Starter, Growth, Scale) you are on.
2. Information We Do NOT Collect
We do not store any shopper (customer) personally identifiable information (PII) such as names, email addresses, or order details.
We do not store chat transcripts persistently. Conversations are held in-memory for the duration of the session.
We do not collect payment card data. All billing is handled by Shopify.
We do not sell or share your store data with third parties, except as described in Section 4.
3. How We Use Your Information
Authenticate API requests to your Shopify store.
Index your product catalogue to power the AI chat widget.
Track usage to apply plan limits and process charges via Shopify Billing.
4. Third-Party Services
Anthropic Claude API — shopper messages and relevant product context are sent to Anthropic to generate responses. Anthropic's Privacy Policy applies to data processed by Claude.
Voyage AI — product text is sent to Voyage AI to generate vector embeddings for semantic search. No shopper PII is transmitted.
Fly.io — our hosting provider. Infrastructure is located in the United States. See Fly.io Privacy Policy.
Neon (PostgreSQL) — our managed database provider for storing shop data and product chunks.
5. Data Retention and Deletion
When you uninstall Merchant Copilot, we delete your OAuth access token and all associated product chunks immediately upon receiving the app/uninstalled Shopify webhook. Any remaining data is purged within 48 hours via the shop/redact GDPR webhook.
You may also request deletion at any time by contacting us at the email below.
6. GDPR and Data Subject Rights
Because we do not store customer PII, there is no customer personal data to export or redact in response to customers/data_request or customers/redact webhooks. We respond to all Shopify mandatory GDPR webhooks within the required timeframe.
Merchants (data controllers) may contact us to request access, correction, or deletion of their shop-level data (shop domain, product chunks, usage records).
7. Security
Shopify OAuth tokens are stored in an encrypted PostgreSQL database. All traffic between the app and Shopify is over HTTPS. Webhook requests are validated using HMAC-SHA256 signatures before processing.
8. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of the app after changes constitutes acceptance of the updated policy.