Privacy Policy

Ask AI - Data Connector is designed to provide analytics and insights without compromising customer privacy.

Last updated: February 2026

Overview

Ask AI - Data Connector (“we”, “our”, “the app”) connects your e-commerce data sources to AI through the Model Context Protocol (MCP). This privacy policy explains what data we collect, how we use it, and how we protect it.

What We Do NOT Store

We do not store personally identifiable information (PII):

• Customer names, email addresses, or phone numbers
• Full billing or shipping addresses
• Credit card or payment details
• IP addresses or device identifiers
• Email message content from campaigns
• Support ticket message contents

What We DO Store

We store only the data necessary to provide analytics and insights:

• Anonymized customer IDs — For aggregate analysis only, not linked to personal information
• Geographic data — At country/region level only (no full addresses)
• Transaction amounts and order metadata — Order totals, discounts, taxes, shipping costs, and status
• Product information — Titles, descriptions, vendors, SKUs, prices, and inventory levels
• Aggregated marketing and support metrics — Campaign performance, flow stats, ticket counts, and response times

Data Sources

When you connect third-party data sources (Klaviyo, Triple Whale, Gorgias, etc.), we sync only aggregated metrics and performance data. We do not access or store the underlying personal data from these platforms. See our Data Sources page for a detailed breakdown of exactly what is synced from each provider.

Data Security

• All data is encrypted in transit using TLS
• All data is encrypted at rest
• API keys are stored securely and never exposed after initial creation
• We use industry-standard security practices for data storage and access

Data Retention

• Your data is retained for as long as your app subscription is active
• Data history varies by plan (7 days for Free, 90 days for Pro, unlimited for Business)
• When you uninstall the app, your data is scheduled for deletion

Data Deletion

• When a customer requests deletion through Shopify’s privacy webhooks, we automatically remove all associated data
• You can uninstall the app at any time to trigger data cleanup
• You can contact us to request manual data deletion

Compliance

We comply with:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• Shopify’s data protection requirements for app developers

Third-Party Services

We integrate with the following categories of third-party services:

• Shopify — Your store data is accessed through Shopify’s API with the permissions you grant during installation
• Third-party integrations — Data from Klaviyo, Triple Whale, Gorgias, and other connected services is accessed using the API keys you provide
• AI clients — When you use the MCP endpoint, your data is sent to the AI client you’ve configured (Claude Desktop, Claude Code, etc.)

Your Rights

You have the right to:

• Access your data through the app’s dashboard and AI queries
• Delete your data by uninstalling the app or contacting us
• Restrict data collection by disconnecting specific data sources
• Port your data by exporting it through the app

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

If you have questions about this privacy policy or your data, please contact us through the Shopify App Store listing.