Privacy Policy for AI Manager

AI Manager ("we", "our", "us") respects your privacy and is committed to protecting your data. This Privacy Policy explains how we collect, use, store, and share information when you install and use our Shopify app, including the optional storefront assistant (widget). If you are a shopper on a merchant's store, your store's operator (the merchant) is responsible for their own storefront notices; we process widget interactions on their behalf to provide the assistant.

1. Information We Collect

When you install AI Manager on your Shopify store, we may collect:

a. Store & session information

• Store domain (for example, your-store.myshopify.com)
• OAuth access tokens and related session data provided by Shopify
• Store metadata available through Shopify (for example, currency or timezone where exposed to the app)

b. Shopify data (via API permissions you grant)

The app's requested permissions may include reading orders, customers, products, and store content; reading and managing script tags (used to load the storefront widget); and limited order writes when you enable features that perform order actions from the assistant. We use this data only to provide documented app functionality (support-style answers, automation you configure, billing, and reliability).

c. Merchant and app operational data

To operate AI Manager we store information you configure and records tied to your shop, for example:

• FAQs, policy-derived imports you choose, and related metadata used to power AI-assisted answers
• Widget settings and storefront assistant preferences
• Subscription and billing state mirrored from Shopify
• Admin activity logs describing changes and notable events in the app
• Aggregated or summarized storefront prompts (for example, "unanswered question" queues keyed by normalized text)
• FAQ usage counters (which saved answers were surfaced or selected)
• Optional satisfaction signals from the storefront assistant ("helpful / not helpful")
• Optional order-level attribution metadata derived from Shopify orders when attribution features are enabled

d. Storefront visitors and the widget

When shoppers use the assistant, we process their messages to generate replies. The widget may set a first-party cookie so we can correlate requests with the same browser session for the assistant. Where Shopify's Customer Privacy API is available, we only set that cookie when the visitor's settings allow preference storage; otherwise we use a per-page identifier that is not stored in that cookie. Where the same API indicates the visitor has opted out of data sale or sharing in a way that applies to our assistant, we do not send their message to external AI processing for a reply. A conversation transcript may be kept in the visitor's browser storage on their device for continuity; we do not store full shopper chat transcripts as a default centralized product feature, though short operational log lines and the records in (c) may reference that a message was handled.

2. How We Use Your Information

We use collected data to:

• Provide AI-powered answers, insights, and automation you enable
• Process and analyze store events (for example, orders, webhooks, and in-app activity)
• Operate, secure, monitor, and improve the service
• Deliver in-app notifications, alerts, or recommendations
• Honor legal obligations and Shopify Partner / mandatory webhook requirements

3. AI processing and how we store data

To generate replies, content required for a specific request (for example a shopper question and relevant store context) may be processed by secure third-party AI systems acting on our instructions. We minimize what is sent to what is reasonably needed for that interaction; those systems may retain or handle data according to their own terms, which we do not fully control.

In our own databases we retain only the categories of information described in this policy that are needed to operate the app, honor subscriptions and support, and improve reliability—such as settings, operational logs, and summarized queues—not full centralized copies of every shopper conversation. Data is protected in transit using encryption (HTTPS/TLS). Data at rest is stored using industry-standard protections, including encryption at rest where supported by our environment, and access is limited to authorized systems and personnel for legitimate operational purposes.

We do not sell personal information.

4. Data storage, retention, and deletion

Data is kept in our application databases and related storage while your shop uses the app. Typical maximum retention periods for automatically pruned operational data are: admin-style activity log lines and satisfaction ratings about 90 days; aggregated "unanswered question" queue entries with no further updates about 365 days; optional sales-attribution order snapshots about 730 days (or sooner if you uninstall or disable the feature). FAQs, widget settings, billing mirrors, and merchant-entered content stay until you delete them or uninstall, except where we must retain longer for legal, security, tax, or accounting reasons.

Uninstalling the app triggers Shopify's app uninstall flow; we also support mandatory compliance webhooks (including customer data requests and redaction, and shop data redaction) as required by Shopify for public apps.

You may contact us to request deletion or export where applicable. Uninstall alone may not remove every copy immediately from backups or logs; we delete or anonymize retained copies on a reasonable schedule.

5. Data sharing

We do not sell or rent your data.

We may share data only:

• With infrastructure and service providers that process data only as needed to operate the service
• When required by law, regulation, legal process, or governmental request
• To enforce our terms or protect the rights, property, or safety of AI Manager, merchants, or others

6. Data security

We implement reasonable technical and organizational measures appropriate to the service, including access controls for production systems, encrypted transport (HTTPS/TLS) for client and Shopify traffic, and protecting stored data with encryption in transit and at rest where our platform supports it.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, or export certain information, or to object to or restrict certain processing. To make a request, contact hello@aimanager.studio or https://aimanager.studio/support.

8. Shopify requirements

AI Manager complies with Shopify's API Terms and Partner Program requirements. We request scopes and access only as needed for documented functionality and handle mandatory privacy webhooks as required for public apps.

9. GDPR and CCPA

We aim to comply with applicable data protection laws, including the GDPR (EEA/UK, where applicable) and the CCPA (California), including honoring applicable rights requests and not selling personal information.

Legal bases (GDPR) may include: performance of a contract (providing the app), legitimate interests (security, product improvement, and merchant support), consent where required (for example certain optional analytics or marketing if we add them and ask), and legal obligation.

International transfers: Your data may be processed in countries where we or our vendors operate. Where required, we rely on appropriate safeguards such as standard contractual clauses offered by vendors.

To exercise GDPR or CCPA rights, contact hello@aimanager.studio or https://aimanager.studio/support. We will respond within the timeframes required by applicable law.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new effective date.

11. Contact

Questions: hello@aimanager.studio
Website: https://aimanager.studio
Support: https://aimanager.studio/support