Privacy Policy

When you connect your Shopify store, we access store-level data including product catalogue information, order records, and customer conversation history. This data is used solely to power the automation modules you enable.

We collect account information you provide during onboarding (e.g. email address, store domain). We do not collect payment card details directly — billing is handled by a PCI-compliant third-party processor.

We collect usage telemetry within the dashboard (page views, feature interactions) to improve the product. This data is anonymised and never linked to individual customer records.

Store and order data is used to train your AI assistant, generate automated responses, and trigger recovery workflows. Data from one store is never used to train models for another store.

We may use anonymised, aggregated metrics (e.g. average automation rates across pilot users) to improve the platform. No personally identifiable information is included in these aggregations.

We do not sell, rent, or trade your data to third parties.

Store data is retained for the duration of your active subscription. Upon cancellation or account deletion, store data is permanently deleted within 30 days, except where retention is required by law.

Conversation logs are retained for up to 90 days by default to support debugging and escalation review. This window can be shortened on request.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production databases is restricted to authorised personnel via multi-factor authentication.

We undergo regular security reviews. If a breach affecting your data occurs, we will notify you within 72 hours of becoming aware, as required under applicable data protection law.

Nexus integrates with third-party platforms including Shopify, Klaviyo, and Gorgias. Each integration is governed by the respective platform's privacy policy. We only request the minimum permissions required for the features you enable.

We use OpenAI's API for AI-generated responses. Conversation data sent to OpenAI is subject to their data processing terms. We do not enable OpenAI's training opt-in for data processed through our platform.

You may request access to, correction of, or deletion of your personal data at any time by contacting us at privacy@aicommerce.app.

If you are located in the EU or UK, you have rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to lodge a complaint with a supervisory authority.

We use essential session cookies to maintain your authenticated state in the dashboard. We do not use third-party advertising or tracking cookies.

You can disable cookies in your browser settings, but doing so may prevent the dashboard from functioning correctly.

We may update this policy as the product evolves. Material changes will be communicated via email to the registered account address with at least 14 days' notice before taking effect.

Questions about this policy can be directed to: privacy@aicommerce.app. We aim to respond within 5 business days.