Privacy Policy

Last updated: March 3, 2026

What data we collect

Replori accesses the following data from your Shopify store through the Shopify API:

  • Product information (titles, descriptions, prices, images, inventory, variants)
  • Order data (order number, status, fulfillment, tracking, line items)
  • Customer names and email addresses (from orders and chat conversations)
  • Store pages and content
  • Inventory levels and locations

Additionally, when customers interact with the chat widget, we collect:

  • Chat conversation messages
  • Visitor browsing context (current page URL, product being viewed, cart item count)
  • Customer-provided email and name (if shared during conversation)

How we use your data

  • AI-powered customer support: Product and order data is embedded and used for retrieval-augmented generation (RAG) to provide accurate, context-aware responses to customer inquiries.
  • Order tracking: Order data enables the AI to help customers check order status and tracking information.
  • Analytics: Conversation data is aggregated to provide metrics such as response confidence, escalation rates, and revenue attribution.
  • Product image analysis: Product images are analyzed to generate detailed visual descriptions, improving AI response quality.

Third-party services

We use the following third-party services to process data:

  • OpenAI: Chat conversation text is sent to OpenAI's API to generate AI responses. OpenAI does not use this data for training.
  • Google Gemini: Product images are sent to Google's Gemini API for visual analysis and description generation.

Data storage and security

  • All data is stored in a PostgreSQL database with pgvector extension for embeddings.
  • Shopify access tokens are encrypted at rest using AES-256-GCM.
  • All data in transit is protected via TLS/HTTPS.
  • API keys are hashed using SHA-256 before storage.

Data retention

Data is retained while the app is installed and active. When you uninstall the app, your Shopify access token is immediately revoked by Shopify and marked as revoked in our system. Full data erasure (products, orders, customer data, and conversation records) is completed within 48 hours of uninstallation via Shopify's mandatory shop/redact webhook.

GDPR and your rights

We comply with GDPR requirements through Shopify's mandatory webhooks:

  • Right to access: Customer data requests are handled via Shopify's customers/data_request webhook.
  • Right to erasure: Customer data deletion requests are handled via Shopify's customers/redact webhook. All personally identifiable information is anonymized or deleted.
  • Data portability: Merchants can export their data through the Replori dashboard at any time.

Cookies

The embedded chat widget does not set any cookies on your customers' browsers. The Replori admin dashboard uses session cookies for authentication purposes only.

Contact

For questions about this privacy policy or to exercise your data rights, contact us at support@replori.com.