Privacy Policy

Effective date: May 30, 2026 · Last updated: May 30, 2026

Conversatio.ai (“Conversatio,” “we,” “us”) provides an AI shopping assistant that merchants install on their Shopify stores. This policy explains what data we collect, how we use it, who we share it with, and the choices available to you. It covers two groups: merchants who install and configure the app, and shoppers who interact with the assistant on a merchant’s storefront.

Who is the data controller

For data processed about a merchant’s account (installation, configuration, billing contact), Conversatio is the controller. For shopper data generated on a merchant’s storefront, the merchant is the controller and Conversatio acts as a processor/service provider on the merchant’s behalf, in line with the merchant’s own privacy policy and our agreement with them.

Information we collect

From merchants

• Store identity & authorization: your Shopify store domain, OAuth access tokens and the permission scopes you grant, and installation metadata.
• Configuration: assistant settings, branding/appearance choices, and feature preferences you set in the admin app.
• Contact details: the email address associated with your store or that you provide to us for support.
• Catalog data: product information synced from your store so the assistant can search and recommend your products.

From shoppers

• Conversation content: the messages you send to the assistant and the responses it returns.
• Shopping activity: product impressions, clicks, and add-to-cart events generated while using the assistant, along with the product and page context.
• Pseudonymous identifiers: a randomly generated visitor ID and session ID, a conversation ID, and (for cart events) the Shopify cart token. Where the storefront makes it available, a Shopify customer ID may be associated.
• Technical data: standard request metadata such as approximate timing and the store the request relates to.

Free-text redaction

Shoppers sometimes type personal details into a chat. Before conversation text is stored for analytics, we run automated redaction that masks common categories of personal data — including email addresses, phone numbers, postal addresses, payment-card numbers, and government identifiers — replacing them with placeholders such as [EMAIL]. We ask shoppers not to share sensitive personal information in chat.

How we use information

• To operate the assistant: understand a shopper’s request, search the merchant’s catalog, and generate recommendations and answers.
• To provide merchant analytics: aggregate conversation, engagement, and conversion/attribution reporting in the admin app.
• To maintain, secure, and debug the Service.
• To improve the Service: we may review and analyze conversation and usage data — where feasible in de-identified or aggregated form — to diagnose problems (for example, when the assistant returns poor results) and improve our search, ranking, and recommendation quality.
• To communicate with merchants about support, security, and service changes.

Service providers

We share data with a limited set of service providers strictly to operate the Service. They are bound by contract to protect it and to use it only on our instructions. They fall into these categories:

• Cloud infrastructure, database, and search providers — host the application, store data, and index catalog data for search.
• AI / large-language-model providers — process requests to interpret shopper messages and generate responses and recommendations.
• Error-monitoring providers — help us detect and diagnose problems (configured to not collect personally identifying information).

We do not sell personal information, and we do not use your conversations to train artificial-intelligence or large-language models. As described above, we may review and analyze conversation and usage data to operate, debug, and improve the Service, including our search and recommendation quality.

Cookies & local storage

The storefront assistant uses your browser’s local storage to keep a session identifier and your in-progress conversation so the experience persists across page loads. This site also stores your light/dark theme preference locally. These are functional and are not used for cross-site advertising.

Data storage, location & retention

Data is stored on cloud infrastructure located in the United States. We retain conversation and engagement data only as long as needed to provide analytics and operate the service, and then delete or aggregate it. When a merchant uninstalls the app or closes their store, we delete or anonymize associated data within a commercially reasonable period, subject to legal retention obligations.

Security

Storefront requests are authenticated with a per-store widget token, and admin requests use Shopify’s signed session tokens. Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production data is limited to what is necessary to operate the service.

Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, or to object to or restrict its processing (for example under the GDPR or CCPA/CPRA). Shoppers should direct requests to the merchant whose store they used; the merchant can act on them through us. We honor Shopify’s mandatory privacy webhooks — customers/data_request, customers/redact, and shop/redact — to fulfill data-access and deletion requests routed through Shopify.

International data transfers

We are based in the United States and store data there. If you access the Service from the European Economic Area, the United Kingdom, or Switzerland, your information may be transferred to and processed in the United States. Where required, such transfers are made under appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.

Automated recommendations

The assistant uses automated processing to interpret requests and suggest products. These recommendations are informational and do not produce legal or similarly significant effects about you. If you have questions about this automated processing, you can contact us or the merchant whose store you used.

Children

The service is intended for use by businesses and adult shoppers. It is not directed to children, and we do not knowingly collect personal information from children.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by notifying merchants.

Contact

Questions about this policy or your data can be sent to hello@conversatio.ai. Conversatio.ai is based in Los Angeles, California, USA.