Privacy Policy

Last updated: April 4, 2026

ShopWhisper ("we", "us", "our") operates the ShopWhisper application for Shopify. This Privacy Policy explains how we collect, use, and protect information when merchants install and use our app, and when their customers interact with the ShopWhisper AI advisor widget.

1. Information We Collect

From Merchants (App Users):

• Shopify store domain and store name
• Shopify access tokens (used to read product catalog and order data)
• App configuration settings (advisor name, personality, widget colors)
• Billing and subscription information (processed through Shopify's billing system)

From Store Customers (Widget Users):

• Conversation transcripts (text messages exchanged with the AI advisor)
• Voice audio (processed in real time for voice conversations, not permanently stored)
• Session identifiers (anonymous, randomly generated per visit)
• Products viewed, recommended, and added to cart during AI conversations

We do NOT collect:

• Customer names, email addresses, or contact information
• Payment or credit card information
• Browsing history outside of AI advisor interactions
• IP addresses or precise geolocation data

2. How We Use Information

We use the information we collect to:

• Provide and operate the AI shopping advisor service
• Sync product catalog data to power accurate recommendations
• Generate analytics for merchants (session counts, products recommended, cart adds)
• Improve the quality and accuracy of AI responses
• Process billing through Shopify's payment system
• Provide customer support to merchants

3. AI Processing

ShopWhisper uses Google's Gemini AI models to power the voice and text advisor. When a customer interacts with the widget:

• Text messages are sent to Google's Gemini API for processing
• Voice audio is streamed to Google's Gemini Live API in real time
• The AI processes the conversation along with the merchant's product catalog to generate responses
• Voice audio is not stored after the session ends

Google's API usage is subject to Google's Privacy Policy. We use enterprise API agreements that prohibit Google from using conversation data to train their models.

4. Data Storage and Security

All data is stored on secure cloud infrastructure (Microsoft Azure) with encryption at rest and in transit. Access to merchant data is restricted to authorized personnel and protected by industry-standard security measures including:

• SSL/TLS encryption for all data transmission
• Encrypted database connections
• OAuth 2.0 authentication with Shopify
• HMAC verification on all webhook communications

5. Data Retention

• Conversation transcripts: Retained for 90 days, then automatically deleted
• Analytics data: Retained for 12 months
• Voice audio: Processed in real time and not stored after the session
• Merchant account data: Retained while the app is installed. Upon uninstallation, data is retained for 48 hours per Shopify requirements, then permanently deleted

6. Data Sharing

We do not sell, rent, or share personal information with third parties for marketing purposes. We share data only with:

• Google (Gemini API): Conversation content for AI processing
• Shopify: As required for app functionality and billing
• Law enforcement: Only when required by law or valid legal process

7. GDPR and Data Rights

ShopWhisper complies with Shopify's mandatory GDPR requirements. We handle:

• Customer data requests: We provide all data stored about a customer upon request
• Customer data deletion: We delete all identifiable customer data upon request
• Shop data deletion: We permanently delete all merchant data 48 hours after app uninstallation

For data access or deletion requests, merchants can contact us at privacy@shopwhisper.ai or through the Shopify admin.

8. Cookies and Tracking

The ShopWhisper widget uses browser localStorage and sessionStorage to maintain widget state (orb position, chat open/closed, welcome shown). These are first-party storage mechanisms used solely for functional purposes. We do not use tracking cookies or third-party analytics on the widget.

9. Children's Privacy

ShopWhisper is a business-to-business service for Shopify merchants. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@shopwhisper.ai.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes through the Shopify admin dashboard or via email. Continued use of ShopWhisper after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices:

• Email: privacy@shopwhisper.ai
• Company: ShopWhisper.ai
• Address: Vista, CA, United States