Privacy Policy

HHSHOPPI AI PRIVATE LIMITED (“Shoppi”, “we”, “us”, or “our”), a company registered at E-49/5, Okhla Industrial Area, Phase II, New Delhi 110020, India, operates the Shoppi platform, including the Shopify app, merchant dashboard, storefront search widgets, and APIs. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

From platform integrations (when you connect your store)

• Store information: shop name, domain, email, currency
• Product catalog: titles, descriptions, images, prices, variants, tags, product type
• App subscription status (for billing, Shopify only)

We do not access customer data, orders, checkouts, or payment information.

From merchants directly

• Email address (provided during onboarding or OAuth)
• Store URL and configuration preferences set in the dashboard

From storefront visitors

• Search queries (text, voice, and image searches)
• Product interactions (clicks, similar product requests)

We do not collect personally identifiable information from storefront visitors. No cookies are set, no accounts are required, and no IP addresses are stored.

Automated data

• Server logs: request timestamps, response codes, and latency (for performance monitoring)
• Error reports (for debugging)

• Product search and recommendations: We index your product catalog to power AI search, similar products, outfit recommendations, and chat-based shopping assistance.
• Service operation: Account management, billing, support, and app functionality.
• Improvement: Aggregated, anonymized search analytics to improve search relevance. We do not sell or share individual merchant or shopper data.

We use trusted third-party service providers to operate Shoppi. These fall into the following categories:

• AI processing: Large-language-model providers that process product metadata (titles, descriptions) to power AI chat and recommendations. No customer personally identifiable information is sent.
• Vector search database: Stores product embeddings used for similarity search and discovery.
• Document database: Primary storage for catalog, configuration, and account data.
• Cloud infrastructure and file storage: Hosts the Shoppi services and stores product-related assets (US region).
• Application performance monitoring: Operational telemetry to keep the service reliable. No customer PII is collected.

A current list of our specific sub-processors is available on request — please contact privacy@shoppi.ai. We do not sell, rent, or trade your data to any third party.

Our business operates from India. Your data is stored on servers located in the United States (AWS, MongoDB Atlas). By using the Service, you consent to the transfer and processing of your data outside of India. We employ industry-standard security measures including:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for sensitive credentials (AES-256-GCM)
• Access controls and authentication on all internal APIs
• HMAC signature verification on all Shopify webhooks

• Active accounts: Data is retained while your subscription is active.
• Disconnected stores (Shopify): When a Shopify merchant uninstalls our app, Shopify sends a shop/redact webhook approximately 48 hours later requesting permanent deletion of all merchant data. We honor this request by purging the merchant's data from all systems upon receiving the webhook.
• GDPR/shop redact: Upon receiving a data erasure request, all data is permanently deleted across all systems (MongoDB, Pinecone, S3, Redis) immediately.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent for data processing

To exercise any of these rights, contact us at privacy@shoppi.ai. We will respond within 30 days.

India — Digital Personal Data Protection Act, 2023 (DPDP Act)

HHSHOPPI AI PRIVATE LIMITED is registered in India and complies with the DPDP Act. We process personal data only for the purposes stated in this policy. We obtain consent during onboarding before accessing your store data. You have the right to withdraw consent, request data correction, and request erasure by contacting us at privacy@shoppi.ai. We will appoint a Data Protection Officer as required by the Act, and their contact details will be published here once mandated.

European Economic Area — GDPR

For merchants and users in the EEA, we process data under the legal basis of contractual necessity. We respond to all mandatory Shopify GDPR webhooks including customer data requests, customer data erasure, and shop data erasure. Data is transferred to the US under standard contractual clauses.

California — CCPA/CPRA

For California residents: we do not sell personal information. You have the right to know what data we collect and to request its deletion. Contact privacy@shoppi.ai to exercise these rights.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or a notice in the merchant dashboard at least 30 days before the changes take effect.

If you have questions about this Privacy Policy, please contact us at:

• Email: privacy@shoppi.ai
• Support: support@shoppi.ai
• Address: E-49/5, Okhla Industrial Area, Phase II, New Delhi 110020, India
• CIN: U62099DL2025PTC444176