Privacy Policy

1. Introduction

Shopify Assistant is operated by Gossiper (gossiper.ai). Gossiper is based in Switzerland and complies with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR) where applicable.

This policy explains how we collect, use, and protect your information when you use the Shopify Assistant app.

2. Information We Collect

2.1 Shopify Store Data

When you connect your Shopify store, we access store data through the Shopify API using OAuth. This includes products, orders, customers, collections, inventory, content, and other store resources you interact with through the assistant. We only access the data necessary to fulfil your requests.

2.2 Account & Session Information

We collect Shopify session tokens for authentication, the shop domain of connected stores, and chat session identifiers.

2.3 Chat Data

Messages you send to the assistant and the responses generated are processed in real time to provide the service. Chat history is stored locally in your browser and is not persisted on our servers beyond the active session.

2.4 Payment Information

All billing and payment processing is handled entirely by Shopify through their built-in app billing system. We do not collect, process, or store any payment or credit card information.

2.5 Usage Data

We collect basic usage metrics such as feature usage patterns, error logs, and session metadata to maintain and improve the service.

3. How We Use Your Information

• Provide, operate, and maintain the Shopify Assistant service
• Execute store management actions you request through the chat interface
• Authenticate your identity and authorise access to connected stores
• Process transactions and manage subscriptions
• Send technical notices, security alerts, and support messages
• Monitor for errors, abuse, and service disruptions
• Comply with legal obligations

4. Shopify Store Data Access

• Store data is accessed on-demand to fulfil your requests — it is not bulk-downloaded or warehoused
• Backup data you explicitly request is stored securely and associated with your account
• Store data is never shared between different users or stores
• You can disconnect a store at any time, which revokes our access

5. Data Storage and Security

Data is processed and stored using Vercel (hosting) and Supabase (database). Payments are handled by Shopify's billing system. We implement technical and organisational safeguards to protect personal data against unauthorised access, alteration, disclosure, or destruction. All data in transit is encrypted via TLS. Stored credentials and access tokens are encrypted at rest.

6. Data Sharing

We do not sell your personal information. Data may be shared with:

• Service providers — infrastructure providers (Vercel, Supabase) that help us operate the service
• AI providers — chat messages are sent to third-party AI model providers to generate responses; these providers are contractually prohibited from using your data for training
• Legal requirements — when required by law, regulation, or legal process
• Business transfers — in connection with a merger, acquisition, or sale of assets

7. AI and Machine Learning

We do not use your data to train AI models. Your store data, chat messages, API requests, and usage patterns are never used for training or improving AI or machine learning systems. AI model providers we work with are contractually bound to the same restriction.

8. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information
• Request deletion of your data
• Export your data in a portable format
• Restrict or object to processing
• Withdraw consent at any time

To exercise any of these rights, contact us at support@gossiper.ai.

9. Data Retention

We retain personal data for as long as your account is active or as needed to provide the service. Backup data is retained according to your subscription plan and preferences. After account deletion, we may retain certain information as required by law or for legitimate business purposes such as fraud prevention.

10. Cookies and Local Storage

The app uses essential browser storage (localStorage) to persist your connected store information and preferences. As an embedded Shopify app, we rely on Shopify's session management. We do not use third-party tracking cookies.

11. Children's Privacy

The service is intended for Shopify store owners and operators and is not directed at children under 16. We do not knowingly collect information from anyone under 16 years of age.

12. International Data Transfers

Data may be transferred to and processed in countries outside your country of residence, including Switzerland and the United States. We ensure appropriate safeguards are in place in compliance with applicable data protection laws, including FADP and GDPR requirements.

13. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. For material changes, we will provide notice through the app.

14. Contact Us

Gossiper
Email: support@gossiper.ai
Web: gossiper.ai