Skip to main content

Privacy Policy

Last updated: February 13, 2026 · GDPR Compliant

1. Introduction

ShopAssist AI (“we”, “us”) is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

2. Data We Collect

Account Data: Email address, store name, Shopify URL when you create an account.

Knowledge Base Data: Documents, text, and URLs you upload to train your chatbot.

Conversation Data: Chat messages between your customers and the AI chatbot, including session IDs and optional customer emails.

Usage Data: Message counts, API calls, feature usage for billing and analytics.

Technical Data: IP addresses, browser type, and device information for security and performance.

3. How We Use Your Data

We use your data to: provide and improve the Service, process payments, send transactional emails, generate analytics, ensure security, and comply with legal obligations. We do not sell your data to third parties.

4. Data Processing

Your knowledge base documents are processed by OpenAI's API to generate embeddings and AI responses. Conversation data is sent to OpenAI for response generation. OpenAI does not use your data to train their models when accessed via their API.

5. Data Storage & Security

Data is stored in Supabase (PostgreSQL) with row-level security. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We use strict multi-tenant isolation to ensure your data is never accessible to other customers.

6. Your GDPR Rights

Under GDPR, you have the right to: access your data, rectify inaccurate data, erase your data, restrict processing, data portability, and object to processing. To exercise these rights, contact privacy@shopassist.ai.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, all data is permanently erased within 30 days. Conversation data can be exported before deletion.

8. Cookies

We use essential cookies for authentication and session management. Analytics cookies (PostHog) are used with your consent only. You can manage cookie preferences at any time.

9. Sub-Processors

We use the following sub-processors: Supabase (database), OpenAI (AI processing), Stripe (payments), Resend (email), Vercel (hosting), Railway (API hosting). All sub-processors are GDPR-compliant.

10. Contact

Data Protection Officer: privacy@shopassist.ai. You also have the right to lodge a complaint with your local data protection authority.