Introduction
Supportify ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, store, and protect information when you use our AI-powered customer support application for Shopify stores.
By installing or using Supportify, you agree to the collection and use of information in accordance with this policy. We take data privacy seriously and comply with applicable privacy laws, including GDPR and CCPA.
1. Information We Collect
1.1 Store and Business Information
When you install Supportify on your Shopify store, we collect:
- Store details: Shop domain, store name, email address, and timezone
- Authentication tokens: Encrypted Shopify access tokens to interact with your store's API
- App configuration: Your chatbot settings, customizations, and preferences
1.2 Customer Data
To provide customer support services, we process:
- Customer identifiers: Customer IDs, email addresses, and names
- Chat conversations: Messages exchanged between your customers and our AI chatbot
- Order information: Order numbers, statuses, and details when customers inquire about orders
- Support tickets: Ticket content, status, and related customer communications
- Email correspondence: Email replies from customers to support tickets
1.3 Technical and Usage Data
- Session data: IP addresses, user agents, session timestamps
- Tool execution logs: Records of AI tool calls and actions performed
- Analytics data: Usage statistics, feature adoption, and performance metrics
- Data access logs: Audit trails of customer data access (for compliance purposes)
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Providing Core Services
- Delivering AI-powered customer support responses
- Managing support tickets and customer inquiries
- Processing customer requests (order lookups, address updates, etc.)
- Sending email notifications about ticket updates
2.2 Service Improvement
- Analyzing usage patterns to improve our AI models
- Monitoring system performance and reliability
- Developing new features and functionality
- Training and refining our chatbot responses
2.3 Security and Compliance
- Detecting and preventing fraud or unauthorized access
- Maintaining audit logs for compliance with privacy regulations
- Responding to data subject requests (access, deletion, portability)
- Ensuring data retention and deletion policies are enforced
2.4 Communication
- Sending service-related notifications and updates
- Responding to support requests from merchants
- Providing important security or privacy updates
3. Data Storage and Security
3.1 Data Storage
Your data is stored securely in encrypted databases hosted on trusted cloud infrastructure. We implement industry-standard security measures, including:
- Encryption in transit: All data transmitted between your browser, our servers, and Shopify is encrypted using TLS 1.2+
- Encryption at rest: Sensitive authentication tokens are encrypted using AES-256-GCM
- Access controls: Strict role-based access controls limit who can access your data
- Database security: SSL-enforced database connections with regular security patches
3.2 Data Retention
We retain your data only as long as necessary to provide our services and comply with legal obligations:
- Active stores: Data is retained while your store actively uses Supportify
- Chat sessions: Ended chat sessions and messages are automatically deleted after 90 days
- Support tickets: Tickets are retained according to your preferences (minimum 90 days)
- Audit logs: Data access logs are retained for 90 days for compliance purposes
- App uninstall: All data is deleted when you uninstall the app (see section 6 for details)
4. Data Sharing and Third Parties
4.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your customer data or store information to third parties for marketing purposes.
4.2 Service Providers
We may share data with trusted third-party service providers who assist us in operating our service:
- Shopify: We access your store data via the Shopify API to provide our services
- Cloud hosting providers: For secure data storage and application hosting
- Email service provider (Resend): For sending support ticket notifications
- AI/ML providers: For processing natural language and generating customer support responses
All third-party providers are contractually bound to protect your data and use it only for the purposes we specify.
4.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal processes (subpoenas, court orders, etc.)
- Protection of our rights, property, or safety
- Emergency situations involving potential harm to individuals
5. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
5.1 Access and Portability
- Right to access: Request a copy of the personal data we hold about you
- Data portability: Receive your data in a structured, machine-readable format
5.2 Correction and Deletion
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data (subject to legal retention requirements)
5.3 Control and Restriction
- Right to restrict processing: Limit how we use your data in certain circumstances
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time (by uninstalling the app)
5.4 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@supportify.no. We will respond to your request within 30 days.
6. GDPR Compliance and Data Subject Requests
Supportify is fully compliant with the General Data Protection Regulation (GDPR) and has implemented the following measures:
6.1 Shopify GDPR Webhooks
We automatically process Shopify's GDPR webhooks to handle data subject requests:
- Customer Data Request: When a customer requests their data via Shopify, we automatically compile and export all chat sessions, messages, and support tickets associated with that customer.
- Customer Data Erasure: When a customer requests deletion via Shopify, we automatically delete all their chat sessions, messages, and associated data from our systems.
- Shop Data Erasure: When you delete your Shopify store, we automatically delete all associated data, including all customer information, chat sessions, tickets, and store configuration.
6.2 Data Protection Officer
For GDPR-related inquiries, you can contact our Data Protection Officer at dpo@supportify.no.
6.3 Legal Basis for Processing
We process your data based on the following legal grounds:
- Contract performance: Processing necessary to provide our services
- Legitimate interests: Improving our service, security, and fraud prevention
- Legal obligations: Compliance with applicable laws and regulations
- Consent: Where you have given explicit consent (e.g., email notifications)
7. Cookies and Tracking
Supportify uses minimal cookies and tracking technologies:
7.1 Essential Cookies
- Session cookies: Used to maintain your login session and application state
- Security tokens: For authentication and CSRF protection
7.2 Analytics
- We use anonymous analytics to understand how our service is used
- We do not use third-party advertising cookies or trackers
7.3 Customer Portal
When customers access the ticket portal, we use token-based authentication instead of cookies to protect their privacy.
8. International Data Transfers
Your data may be transferred to and processed in countries outside of your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all service providers
- Compliance with applicable data protection laws in each jurisdiction
9. Children's Privacy
Supportify is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by:
- Updating the "Last updated" date at the top of this policy
- Sending an email notification to your registered email address
- Displaying a prominent notice in the Supportify app
Your continued use of Supportify after any changes indicates your acceptance of the updated Privacy Policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@supportify.no
Data Protection Officer: dpo@supportify.no
General Support: support@supportify.no
We will respond to your inquiries within 30 days and work with you to resolve any privacy concerns.
12. Shopify App Requirements
As a Shopify app, Supportify adheres to Shopify's App Store requirements and Partner Program Agreement, including:
- Transparent data usage and collection practices
- Secure handling of merchant and customer data
- Proper implementation of GDPR webhook handlers
- Regular security audits and vulnerability assessments
- Compliance with Shopify's API Terms of Service
For more information about Shopify's privacy practices, please visit Shopify's Privacy Policy.