Privacy Policy

2.1 Shop Information (Merchants)

When you install Bubl CX, we collect:

• Shop domain and name
• Shop owner email (for account management)
• Billing information (managed through Shopify's billing system)
• OAuth access tokens (to access your Shopify store data)

2.2 Product, Collection, and Page Data (Merchants)

To provide AI-powered sales assistance, we analyze:

• Product information: titles, descriptions, images, variants, pricing, inventory
• Collection information: titles, descriptions, product groupings
• Page content: About pages, FAQ pages, and other store pages
• Custom context: merchant-provided notes about products (max 1000 characters per product)

This data is processed by our AI agents to generate personalized sales recommendations and chat responses.

2.3 Customer Behavior Data (Customers)

We collect behavioral data about your store's visitors to provide personalized engagement:

• User events: page views, product views, cart actions, searches, checkout initiation
• Device information: browser type, operating system, screen resolution, timezone
• Session data: visitor IDs (anonymous), session IDs, timestamps
• UTM parameters: campaign attribution data (source, medium, campaign)
• Navigation patterns: page journey tracking, time-on-page calculations

Important: Visitor IDs are randomly generated identifiers. For anonymous visitors, we do not automatically collect personally identifiable information (PII) such as names, emails, or addresses. However, if visitors voluntarily provide this information through the chat widget or are logged into their Shopify customer account, we may collect and process it as described below.

2.4 Customer Profile Data (Logged-In Customers Only)

When a visitor is logged into their Shopify customer account:

• Shopify Customer ID: to link behavior with customer account
• Customer first and last name: cached from Shopify API for display purposes in the admin dashboard
• Order history: accessed via Shopify API during chat conversations (not stored in our database; retrieved on-demand only)

2.5 Conversation Data (Customers)

When customers interact with the Bubl CX chat widget, we collect and store:

• Chat messages: both customer messages and AI responses, which may contain personal information voluntarily provided by customers (such as names, email addresses, phone numbers, shipping addresses, payment preferences, or other details shared during conversation)
• Conversation metadata: trust level, active status, timestamps
• Extracted context: user preferences, experience level, budget orientation, urgency (with confidence scoring)
• Strategic guidance: AI-generated sales recommendations for improving conversations

Important: Customers should not share sensitive personal information (such as credit card numbers or passwords) through the chat widget. We process chat messages to provide sales assistance and product recommendations.

2.6 Sales Hook Data (Customers)

We generate and track personalized engagement messages:

• Hook text: short messages displayed in the orb widget
• Engagement tracking: delivery status, read status, dismissal status
• Performance data: which hooks led to conversations or conversions

2.7 Brand Context (Merchants)

We collect and process:

• Brand guidelines: merchant-provided tone, voice, and messaging guidelines (max 3000 characters)
• Processed brand context: AI-validated brand context used in chat responses

2.8 Analytics and Usage Data (Both)

To improve service quality and monitor performance:

• AI token usage: tracking of Anthropic API consumption by agent and resource
• Response times: server-side latency measurements
• Error logs: application errors and debugging information (via Sentry, if enabled)
• Quality flags: manual annotations of conversation quality issues
• Conversion tracking: sales attributed to Bubl CX interactions

2.9 IP Addresses (Customers)

• We hash IP addresses using SHA-256 for rate limiting and abuse prevention
• We never store raw IP addresses in our database
• Hashed IPs are retained for 24 hours in our caching layer (Redis)

3.1 Core Service Functionality

• AI-powered chat assistance: providing real-time product recommendations and sales support
• Personalized engagement: generating contextual sales hooks based on visitor behavior
• Behavioral analysis: classifying visitors by intent and familiarity to optimize engagement
• Product intelligence: analyzing products for conversion optimization insights
• Collection intelligence: understanding category themes and cross-sell opportunities
• Page intelligence: extracting messaging context from store pages

3.2 Service Operation

• Authentication: validating your Shopify store access via OAuth
• Billing: processing subscription payments through Shopify's billing system
• Feature delivery: enabling chat widgets, sales hooks, and admin dashboard functionality

3.3 Performance and Quality

• Token tracking: monitoring AI API costs and usage patterns
• Error monitoring: detecting and resolving technical issues
• Quality evaluation: reviewing conversation quality and conversion outcomes
• Performance optimization: improving response times and accuracy

3.4 Background Processing

• Async jobs: processing user behavior profiles, context extraction, and intelligence scans via Inngest
• Caching: storing frequently accessed data in Redis for faster response times

4.1 Anthropic (Claude API)

• Purpose: AI inference for all agent functionality (chat, product analysis, behavioral analysis, hook generation)
• Data Shared: Product descriptions, customer messages (which may contain personal information), behavioral context, brand guidelines
• Data Processing Agreement: We have executed a GDPR-compliant Data Processing Agreement (DPA) with Anthropic covering their role as a data processor
• Privacy Policy: https://www.anthropic.com/privacy
• Data Retention: Anthropic may retain API request data for up to 30 days for abuse monitoring, then deletes it (per their data retention policy)

4.2 Shopify APIs

• Purpose: Accessing your store's product, collection, page, customer, and order data
• Data Shared: OAuth tokens, shop domain
• Privacy Policy: https://www.shopify.com/legal/privacy

4.3 Vercel (Hosting)

• Purpose: Application hosting and serverless function execution
• Data Shared: All application data (transit only, not stored by Vercel)
• Privacy Policy: https://vercel.com/legal/privacy-policy

4.4 Neon (PostgreSQL Database)

• Purpose: Primary data storage for conversations, profiles, events, and analytics
• Data Shared: All database records
• Security: Encryption at rest and in transit, SOC 2 Type II certified
• Privacy Policy: https://neon.tech/privacy-policy

4.5 Upstash (Redis Cache)

• Purpose: Distributed caching for AI responses and rate limiting
• Data Shared: Cached product analysis, hashed IP addresses (24-hour TTL)
• Privacy Policy: https://upstash.com/trust/privacy

4.6 Inngest (Background Jobs)

• Purpose: Asynchronous processing of profiles, intelligence scans, and context extraction
• Data Shared: Job payloads containing shop domain, visitor IDs, resource IDs
• Privacy Policy: https://www.inngest.com/privacy

4.7 Sentry (Optional - Error Tracking)

• Purpose: Error monitoring and debugging (if enabled)
• Data Shared: Error messages, stack traces, request metadata (scrubbed of sensitive information)
• Privacy Policy: https://sentry.io/privacy/

5.1 Security Measures

We implement industry-standard security practices:

• HTTPS/TLS encryption for all data in transit
• HMAC signature verification for webhook authenticity
• OAuth 2.0 for secure Shopify authentication
• SHA-256 hashing for IP addresses (never storing originals)
• Database encryption at rest via Neon PostgreSQL
• Environment variable protection for API keys and secrets
• Rate limiting to prevent API abuse
• Regular security audits of code and infrastructure

5.2 Data Storage Locations

• Primary database: Neon PostgreSQL (serverless, auto-scaling)
• Shopify metafields: Product/collection/page intelligence analysis (stored in your Shopify store)
• Redis cache: Upstash (distributed, 24-hour maximum TTL)
• Vercel edge network: Application hosting (global CDN)

5.3 Infrastructure Providers

Our infrastructure is hosted on:

• Vercel (application hosting)
• Neon (PostgreSQL database)
• Upstash (Redis caching)

All providers implement SOC 2 Type II compliance and encryption at rest.

6.1 Active Installation Data Retention

While Bubl CX is installed on your store, we retain data for the following periods:

Merchant Data:

• Shop settings: Retained for duration of subscription plus 7 years (tax and accounting legal requirements)
• Brand context: Retained for duration of subscription
• Product/collection/page intelligence: Stored in Shopify metafields until you uninstall or manually delete

Customer Data:

• Conversations and messages: Retained for 2 years from last message, or until merchant requests deletion
• Customer profiles and behavioral events: Retained for 90 days of inactivity, then anonymized (visitor ID replaced with random hash)
• Sales hooks and engagement tracking: Retained for 90 days from last interaction
• Analytics and token usage data: Retained for 1 year for performance tracking and cost monitoring

Technical Data:

• Error logs: Retained for 30 days
• Session data: Retained for duration of active session (typically 24 hours)

6.2 Upon Uninstallation

When you uninstall Bubl CX:

Immediate deletion (via app/uninstalled webhook):

• OAuth access tokens
• Active sessions
• Conversations and messages
• Customer profiles and behavioral events
• Sales hooks and engagement tracking
• Intelligence analysis records (database only)
• Brand context

48-hour delayed deletion (via shop/redact webhook):

• Shopify sends a second deletion request 48 hours after uninstallation
• Complete shop data removal (same as immediate deletion above)
• Ensures compliance with GDPR right to erasure

Intentionally preserved (GDPR Article 17(3) legal basis):

• Billing records: Required for tax compliance and accounting (7-year legal retention under tax law)
• Trial tracking data: Legitimate interest in preventing trial abuse and fraud detection
• Aggregated analytics: Pseudonymized and aggregated per GDPR Recital 26 (no longer constitutes personal data; shop identifiers removed)

6.3 Shopify Metafields

Intelligence analysis stored in Shopify metafields (bubl-cx.product_analysis, bubl-cx.collection_analysis, bubl-cx.page_analysis, etc.) is:

• Owned by you and stored in your Shopify store
• Included in Shopify's backup system
• Not automatically deleted when you uninstall (you can delete manually via Shopify admin or API if desired)

6.4 Cache Expiration

• Redis cache: 15-60 minute TTL (depending on resource type)
• Hashed IP addresses: 24-hour maximum retention
• Admin API enrichment cache: 2-minute TTL

7.1 Right of Access (Article 15)

Merchants: You can request access to all data we hold about your store by contacting us through the Bubl CX admin dashboard support feature or via our website contact form at https://www.bubls.ai.

Customers: Customers can request access to their personal data via the customers/data_request webhook submitted through your Shopify store's privacy settings. We log all data access requests for audit purposes and provide the requested data within 30 days.

Note: Bubl CX stores minimal direct customer PII (cached customer names from Shopify, and chat messages containing information voluntarily provided). Customers can also export their complete data directly from Shopify.

7.2 Right to Rectification (Article 16)

Merchants: You can update shop information, brand context, and product custom context directly in the Bubl CX admin dashboard.

Customers: Customers can request correction of inaccurate personal data by contacting the merchant directly through the merchant's Shopify store contact page. The merchant can then update or delete the relevant conversation data via the Bubl CX admin dashboard.

7.3 Right to Erasure (Article 17)

Customer data deletion: When a customer requests deletion via Shopify's privacy settings, we receive the customers/redact webhook and delete all data associated with that customer ID and visitor ID within 30 days. This includes:

• All chat conversations and messages
• Customer profile and behavioral data
• Sales hooks targeted to that customer
• Any cached or stored personal information

Shop data deletion: When you uninstall the app, we receive the shop/redact webhook (48 hours post-uninstall) and delete all shop data within 30 days, except for data we are legally required to retain (see Section 6.2).

7.4 Right to Data Portability (Article 20)

Merchants: You can export conversation data, analytics, and customer profiles from the Bubl CX admin dashboard in machine-readable format (JSON/CSV). For bulk export assistance, contact us through the admin dashboard support feature.

Customers: Customers can request a copy of their chat conversation history by contacting the merchant directly through the merchant's Shopify store contact page.

7.5 Right to Object (Article 21)

Merchants: You can uninstall Bubl CX at any time to stop all data processing for your store.

Customers: Customers can object to processing of their personal data by:

• Not using the chat widget
• Requesting deletion via the merchant's privacy policy
• Requesting the merchant uninstall Bubl CX

7.6 Right to Restrict Processing (Article 18)

Merchants: You can request that we temporarily restrict processing of personal data while we verify accuracy or assess legitimate grounds for processing. Contact us through the Bubl CX admin dashboard support feature.

Customers: Contact the merchant directly through the merchant's Shopify store contact page to request restriction of processing.

7.7 Right to Withdraw Consent (Article 7(3))

Where we rely on your consent to process personal data (such as optional analytics or brand guideline processing), you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To withdraw consent:

• Merchants: Disable optional features in the admin dashboard or uninstall Bubl CX
• Customers: Stop using the chat widget or contact the merchant directly through the merchant's Shopify store contact page to request deletion

7.8 Automated Decision-Making (Article 22)

Bubl CX uses AI to:

• Classify visitor behavior (intent, familiarity)
• Generate sales hooks and chat responses
• Provide product recommendations

These automated decisions do not have legal or similarly significant effects on individuals. They are designed to assist with sales and customer service, not to make binding decisions about individuals. Customers are not subject to automated decisions that would significantly affect their rights.

8.1 Right to Know

You can request disclosure of:

• Categories of personal information collected (see Section 2)
• Sources of personal information (Shopify APIs, customer input, behavioral tracking)
• Business purposes for collecting personal information (see Section 3)
• Categories of third parties we share data with (see Section 4)

8.2 Right to Delete

You can request deletion of your personal information, subject to exceptions for:

• Legal retention requirements for billing and tax records (7 years)
• Fraud prevention and security (trial tracking)
• Completing transactions for which the information was collected

8.3 Right to Opt-Out of Sale

We do not sell personal information to third parties. We do not share personal information for monetary or other valuable consideration.

8.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. Specifically, we will not:

• Deny you goods or services
• Charge you different prices or rates
• Provide you a different level or quality of service

8.5 How to Exercise Your Rights

Merchants: Contact us through the Bubl CX admin dashboard support feature or via our website contact form at https://www.bubls.ai with your shop domain to submit a CCPA request.

Customers: Submit a request through the merchant's Shopify store privacy settings, or contact the merchant directly through the merchant's Shopify store contact page with details about your interaction.

9.1 Shopify Cookies

Bubl CX relies on Shopify's standard storefront cookies for:

• Session management
• Cart persistence
• Customer authentication (if logged in)

These cookies are set by Shopify, not Bubl CX. Please refer to Shopify's Cookie Policy for details.

9.2 Local Storage and Consent

We use browser local storage for the following purposes:

Strictly Necessary (no consent required under ePrivacy Directive):

• Session ID tracking: Temporary identifier for maintaining chat session state
• Cart synchronization: Enabling add-to-cart functionality from chat widget

Analytics and Personalization (requires consent in EU/EEA):

• Visitor ID persistence: Randomly generated UUID for behavioral analysis and personalization
• Orb dismissal state: Tracking whether a customer dismissed a sales hook (user experience)
• Debug mode: Developer debugging flag (opt-in only, not used for tracking)

Consent Mechanism:

For visitors in the European Economic Area (EEA) and UK, we obtain consent for non-essential local storage through:

• A consent banner displayed on first visit (if merchant has enabled it)
• Compliance with merchant's existing cookie consent solution (if integrated)
• Graceful degradation: If consent is denied, we only use strictly necessary local storage

Note: Merchants are responsible for ensuring their Shopify store has an appropriate cookie consent mechanism in place for their region.

9.3 Web Pixels API

We use Shopify's Web Pixels API to track behavioral events:

• Page views
• Product views
• Cart actions
• Search queries
• Checkout initiation

This tracking is anonymous by default and uses visitor IDs (not customer PII) unless the customer is logged into their Shopify account.

10.1 Contract Performance (Article 6(1)(b))

• Providing AI chat assistance and sales hooks to fulfill our service agreement with merchants
• Processing product/collection/page intelligence as part of the contracted service
• Delivering admin dashboard functionality
• Processing customer chat messages to provide requested sales assistance

10.2 Legitimate Interest (Article 6(1)(f))

We have conducted Legitimate Interest Assessments (LIAs) for the following processing activities:

LIA documentation is available upon request through our website contact form at https://www.bubls.ai.

10.3 Consent (Article 6(1)(a))

• Processing brand guidelines for chat personalization (merchant consent via app installation)
• Optional analytics and quality tracking features (merchant consent via settings)
• Non-essential local storage for EU/EEA visitors (customer consent via cookie banner)

10.4 Legal Obligation (Article 6(1)(c))

• Responding to GDPR data requests (Articles 15-22)
• Complying with Shopify App Store requirements (GDPR webhooks)
• Retaining billing records for tax compliance (7 years)

13.1 Notification to Merchants

• Notify affected merchants via email within 72 hours of becoming aware of the breach (GDPR Article 33 requirement)
• Provide details about:

• - The nature of the breach
• - Categories and approximate number of affected data subjects and records
• - Likely consequences of the breach
• - Measures taken or proposed to address the breach and mitigate harm

13.2 Notification to Supervisory Authorities

Report the breach to relevant data protection supervisory authorities within 72 hours if the breach is likely to result in a risk to individuals' rights and freedoms (GDPR Article 33)

13.3 Notification to Customers (Data Subjects)

• Assist merchants in notifying their affected customers if required by law (GDPR Article 34 - when breach likely to result in high risk to individuals)
• Provide merchants with necessary information to fulfill their notification obligations

13.4 Incident Response

• Immediately contain and investigate the breach
• Document all breach-related activities for regulatory compliance
• Implement remediation measures to prevent future incidents