1. Scope and Acceptance
This Privacy Policy ("Policy") describes how agentShop collects, uses, discloses, and otherwise processes Personal Information in connection with our websites, web applications, mobile applications, APIs, and related services (collectively, the "Services").
By accessing or using the Services, or by submitting information to us, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, you must immediately cease all use of the Services.
This Policy is incorporated by reference into our Terms of Use.
2. Definitions
For purposes of this Policy:
"Personal Information" means information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable natural person or household, as defined under applicable law.
"Process," "Processing" means any operation performed on Personal Information, whether by automated means or otherwise.
"Controller" / "Business" and "Processor" / "Service Provider" have the meanings given under GDPR and CCPA/CPRA, respectively, as applicable.
3. Categories of Information We Collect
We may collect, use, and Process the following categories of information:
3.1 Identifiers and Contact Information
- Name, email address, phone number
- Business name and role
- Usernames, account identifiers, and authentication data
3.2 Business and Commerce Data
- E-commerce store data, including product catalogs, SKUs, pricing
- Orders, revenue, and performance metrics
- Site activity, conversion data, and customer behavior data retrieved via integrations (e.g., Shopify, WooCommerce, Meta/Instagram Shops)
3.3 Technical and Usage Information
- IP address, device identifiers, browser type, operating system
- Log data (timestamps, pages viewed, referring URLs)
- Session data, heatmaps, clickstream, scroll and interaction data
- Cookies, pixels, tags, SDKs, and similar technologies
3.4 AI-Related Data
- Prompts, queries, instructions, and configurations you provide
- AI model outputs, enrichments, scores, and rankings
- Derived metadata, internal labels, and analytics generated by the Services
3.5 Inference and Derived Data
- Inferences drawn from any of the above categories to create profiles, scores, or predictions about store performance, catalog quality, or similar metrics.
We do not intentionally collect "sensitive personal information" (as defined under CPRA) beyond what is strictly necessary for account security and fraud prevention.
4. Sources of Information
We obtain information:
- Directly from you (account creation, support requests, uploads).
- Automatically through your use of the Services (logs, cookies, analytics).
- From third parties, such as e-commerce platforms (Shopify, WooCommerce), social commerce platforms (Meta/Instagram Shops), analytics providers, and payment processors.
You represent and warrant that you have all rights, consents, and authority necessary to provide or connect such information to the Services.
5. Purposes of Processing
We Process Personal Information for the following purposes:
- Service Delivery: To provide, operate, maintain, secure, and improve the Services.
- AI-Powered Features: To generate, display, and refine AI-based insights, rankings, scores, and recommendations.
- Account and Authentication: To create and manage user accounts, and authenticate access.
- Integrations: To connect and synchronize with third-party platforms you authorize.
- Analytics and Product Improvement: To understand usage patterns, measure performance, and improve features.
- Security and Abuse Prevention: To detect, prevent, and respond to fraud, abuse, and security incidents.
- Legal and Compliance: To comply with applicable laws, regulations, legal process, and enforce our Terms.
- Communications: To send transactional messages, product updates, and (where permitted) marketing communications.
- Billing and Payments: To process subscription fees via Stripe or other processors (we do not store full payment card numbers).
6. Disclosures of Personal Information
We may disclose Personal Information to:
6.1 Service Providers / Processors including cloud hosting (AWS), AI providers (OpenAI, AWS AI services), authentication providers (Clerk Inc.), payment processors (Stripe), and analytics tools (Google Analytics, Mixpanel, Segment, FullStory, Hotjar).
6.2 Third-Party Integrations: When you connect a third-party platform, you authorize us to exchange relevant data with that platform.
6.3 Corporate Transactions: In connection with mergers, acquisitions, or similar transactions.
6.4 Legal and Security: Where we reasonably believe it necessary to comply with law or protect rights and safety.
6.5 Aggregated / De-Identified Data: We may share anonymized data for any lawful purpose.
6.6 No "Sale" of Personal Information: We do not "sell" Personal Information as defined under CCPA/CPRA.
7. AI-Specific Disclosures
We use third-party AI models and infrastructure to Process prompts and outputs. We do not use identifiable customer Personal Information to train our own proprietary general-purpose models. Certain features involve automated decision-making or scoring. You remain solely responsible for reviewing and validating any AI outputs.
8. Cookies and Tracking Technologies
We use cookies, pixels, beacons, SDKs, and similar technologies to keep you signed in, remember preferences, measure usage, and optimize marketing. You may manage cookie preferences through your browser settings. We do not currently respond to "Do Not Track" signals.
9. Data Security
We implement reasonable technical and organizational measures including encryption in transit and at rest, role-based access controls, and regular security testing. However, no security measure is entirely secure, and we cannot guarantee absolute security.
10. Data Retention
We retain Personal Information for as long as reasonably necessary to provide and maintain the Services, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. We may retain de-identified or aggregated data indefinitely.
11. International Data Transfers
We may transfer, store, and process information in the United States and other jurisdictions. Where required, we rely on appropriate safeguards such as standard contractual clauses.
12. Your Rights
12.1 U.S. / California (CCPA/CPRA): California residents may request access, deletion, and correction of Personal Information.
12.2 EU/EEA and UK: You may have rights to access, correction, deletion, restriction, portability, and to lodge complaints with supervisory authorities.
12.3 Exercising Rights: Contact us at info@useagentshop.com. We may need to verify your identity before fulfilling requests.
13. Children's Data
The Services are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13.
14. Changes to This Policy
We may revise this Policy from time to time. The "Last Updated" date indicates the effective date. Your continued use after changes become effective constitutes acceptance of the revised Policy.