ShopGeist Privacy Policy

Last updated: June 11, 2026

ShopGeist ("the App", "we", "us") provides an AI-powered chat assistant that merchants embed in their Shopify storefronts. This policy explains what data the App processes, why, and how it is protected. It applies to the merchants who install ShopGeist and to the shoppers who interact with the chat widget.

1. Data we collect

From the merchant's store. When the App is installed we access store data via the Shopify Admin API under the scopes you grant: product listings, store content and pages, published legal policies, and theme data. We use this only to build the knowledge base the assistant answers from.

From shoppers using the chat widget. We store the chat messages exchanged between a shopper and the assistant, along with a randomly generated session identifier, the detected language, and timestamps. The chat is anonymous: we do not collect a shopper's name, email, address, payment details, or Shopify customer identifier, and we do not link conversations to a specific customer account. We ask shoppers not to enter personal or sensitive information into the chat.

Merchant account data. Standard Shopify session data (shop domain, access token, granted scopes) needed to operate the App.

2. How we use data

• To generate relevant answers in the chat widget.
• To build and refresh the store's knowledge base from public store content.
• To show merchants their conversation history and usage in the App dashboard.
• To operate, secure, and improve the service.

3. Sub-processors

To deliver the service we share the minimum necessary data with the following providers:

• OpenRouter — routes chat messages to large language models to generate responses. Message content is sent to OpenRouter and its upstream model providers at request time.
• Vercel — application hosting.
• Managed PostgreSQL database — stores the data described above.
• Shopify — the platform the App runs on.

We do not sell personal data and do not use chat content for advertising.

4. Data retention

Chat sessions and messages are retained while the App is installed so merchants can review conversation history. When a store uninstalls the App, Shopify sends us a redaction request and we delete all data associated with that store — chat messages, chat sessions, indexed pages, and configuration — within 48 hours, in line with Shopify's mandatory data-protection webhooks.

5. Your rights (GDPR / CCPA)

Depending on where you live, you may have the right to access, correct, export, or delete personal data we hold about you, and to object to or restrict certain processing. Because shopper chat is anonymous, we are usually unable to associate a conversation with an individual; if you believe we hold data about you, contact us using the details below and we will respond as required by law. Merchants can also exercise these rights through Shopify's customer data request and redaction flows, which we support.

6. Security

Data is transmitted over encrypted connections (HTTPS) and stored in an access-controlled database. Access to merchant and shopper data is limited to what is required to operate the service.

7. Children

The App is not directed to children and we do not knowingly collect data from children under the age required by local law.

8. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

9. Contact

For privacy questions or data requests, contact us at louischiarelli0@gmail.com.