Shopvibe
Install on Shopify

Legal

Privacy Policy

We built Shopvibe because shoppers deserve search that understands them — not because we want their data. This policy explains exactly what we collect, why, and the controls you have.

Last updated: April 14, 2026 Effective: April 21, 2026 GDPR · CCPA · SOC 2 Type II

This Privacy Policy describes how Shopvibe, Inc. ("Shopvibe", "we", "us") handles personal information when Shopify merchants install our app and when shoppers interact with the search and checkout experiences we power. If anything here is unclear, email privacy@shopvibe.app.

1. Overview

Shopvibe is a B2B service for Shopify merchants. Two roles interact with our service:

  • Merchants — Shopify store owners and staff who install and configure Shopvibe.
  • Shoppers — visitors to a merchant's storefront who use AI search or see checkout bundle suggestions.

For shopper data, the merchant is the controller and Shopvibe is the processor under GDPR. For merchant account data, Shopvibe is the controller. Our standard Data Processing Addendum is available at shopvibe.app/dpa.

2. What we collect

2.1 From merchants (account data)

  • Name, work email, role, and Shopify store domain.
  • Billing information (processed by Shopify Billing — we do not store card numbers).
  • Configuration choices: synonyms, merchandising rules, A/B test setups.
  • Communications you send to support.

2.2 From the Shopify store (catalog data)

  • Product catalog: titles, descriptions, images, variants, inventory, metafields.
  • Collection structure and tags.
  • Order history (only counts and SKUs, used to learn co-purchase patterns) — never individual customer PII.

2.3 From shoppers

  • Search queries and clicked results.
  • Cart contents and bundle interactions in checkout.
  • A device-scoped anonymous identifier (rotated every 30 days) used to personalize results within a single session.
  • Coarse-grained location (country / region) inferred from IP for currency and locale.

We do not collect shopper names, email addresses, phone numbers, payment details, or precise location. We do not build cross-merchant shopper profiles.

2.4 Automatically

  • Service logs (timestamps, IP, user agent, request path) retained for security and debugging.
  • Aggregate performance metrics (latency, error rates).

3. How we use it

  • Provide the service: rank search results, generate bundle suggestions, render the checkout extension.
  • Improve the service: tune ranking models per-store, never on shared models across customers.
  • Insights: show merchants what shoppers searched for, including zero-result queries.
  • Security: detect abuse, scraping, or attacks on the merchant's storefront.
  • Billing & support: manage subscriptions and respond to questions.
  • Legal compliance: respond to lawful requests and enforce our Terms.

We never sell personal information, train shared LLMs on merchant catalog data, or use shopper data for advertising on third-party platforms.

4. Sharing & subprocessors

We share data only with the following categories of recipients:

  • Subprocessors we use to operate the service (listed below).
  • Shopify, when required by the platform's APIs you have authorized.
  • Authorities, when compelled by valid legal process. We notify the merchant unless legally prohibited.
  • Acquirer, in the event of a merger or acquisition — subject to this policy.
SubprocessorPurposeRegion
Amazon Web ServicesHosting & storageUS, EU
CloudflareCDN & DDoS protectionGlobal
AnthropicQuery understanding (zero-retention)US
DatadogLogs & observabilityUS
Stripe (via Shopify)BillingUS, EU
PostmarkTransactional emailUS

5. Data retention

  • Search and cart events: 13 months, then aggregated & anonymized.
  • Merchant account & configuration: kept for the life of the account; deleted within 30 days of cancellation.
  • Backups: rotated out within 35 days.
  • Service logs: 30 days.

Merchants can request earlier deletion of shopper events at any time from the app's Privacy panel.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct or update inaccurate information.
  • Delete your information ("right to be forgotten").
  • Port your data to another service.
  • Object to or restrict certain processing.
  • Lodge a complaint with your local data protection authority.

For shopper data, please contact the merchant whose store you visited (they are the controller). We will assist them in honoring your request. To exercise your rights against Shopvibe directly, email privacy@shopvibe.app — we respond within 30 days.

7. Security

Shopvibe is SOC 2 Type II audited (annually). Highlights:

  • Data encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Least-privilege access, enforced with hardware security keys for engineers.
  • Quarterly penetration tests and a public security disclosure program.
  • Incident response with merchant notification within 72 hours of confirmed breach.

Read more at shopvibe.app/security.

8. International transfers

EU/UK data is hosted in eu-west-1 (Ireland) by default. When data must transit to the US (for example, to compute query embeddings), we rely on the EU Standard Contractual Clauses and the UK Addendum, and we apply supplementary measures (encryption, pseudonymization).

9. Cookies & similar technologies

Shopvibe sets a single first-party cookie on the storefront (_sv_id) — an anonymous, rotating identifier used to keep results consistent within a session. It does not track shoppers across stores. Merchants who use a Consent Management Platform can integrate via our consent API.

10. Children

Shopvibe is not directed at children under 16 and we do not knowingly collect their personal information. Merchants are responsible for ensuring their storefronts comply with applicable child-protection laws.

11. Changes to this policy

If we make material changes, we'll email merchant administrators at least 30 days before they take effect, and we'll update the "Last updated" date at the top of this page. Past versions are archived at shopvibe.app/legal/archive.

12. Contact

Privacy questions, DSARs, or DPO contact:
Shopvibe, Inc. · 548 Market St, Suite 87432 · San Francisco, CA 94104
Email: privacy@shopvibe.app
EU representative: VeraSafe Ireland Ltd. · Unit 3D North Point House, North Point Business Park, Cork

See our Terms of Service

The legal contract between you and Shopvibe.

Read Terms