Privacy Policy

Voice AI: Cart Recovery — Shopify App
Last updated: February 2026

1. Introduction

This Privacy Policy describes how Voice AI: Cart Recovery ("the App", "we", "us") collects, uses, and protects data when a Shopify merchant installs the App and when the App interacts with their store customers.

By installing the App, the merchant ("you") agrees to this Privacy Policy on behalf of yourself and, where applicable, your end customers. If you do not agree, please uninstall the App.

2. Who We Are

The App is operated as a Shopify integration. For data protection enquiries, contact us at the address in Section 14.

3. Data We Collect

We collect data in two roles:

• Merchant data — shop configuration, billing, and authentication details.
• Customer data — end-customer records obtained via Shopify webhooks or API calls on the merchant's behalf.

3.1 Merchant Data

Category	What is stored	Purpose
Shop credentials	Shopify shop domain, offline access token (encrypted at rest), API session IDs	Authenticating App to Shopify Admin API
Configuration	Calling window times, telephony provider keys (encrypted), OpenAI key (encrypted), notification settings	Delivering the App's features per merchant preferences
Billing	Shopify subscription charge ID, plan name, status	Subscription management
Onboarding state	Setup completion flags	Resuming multi-step setup wizard
Promo code restrictions	Email and phone allow-lists stored in JSONB fields	Restricting promo code usage to specific recipients

3.2 End-Customer Data

Category	What is stored	Sensitivity
Customer identifiers	Full name, email address, phone number, Shopify customer ID	High
Abandoned cart records	Line items, prices, cart total, recovery URL, cart status	Medium
Call records	Call transcripts, recording URLs, call duration, call outcome, agent decision flags	Critical
Consent tracking	Consent given flag, consent timestamp, do-not-call flag	High
Webhook payloads	Full Shopify JSON event payloads (may contain PII embedded by Shopify)	High
Notifications	WhatsApp message SIDs, email delivery status	Medium

4. How We Use the Data

• Abandoned cart recovery — We use customer phone numbers to place outbound voice calls offering recovery incentives, within the calling window configured by the merchant.
• WhatsApp / email follow-ups — After a call we may send follow-up messages with discount codes or order summaries, subject to merchant configuration.
• TRAI compliance (India) — All outbound calls are restricted to the 9 AM–9 PM calling window mandated by the Telecom Regulatory Authority of India. Do-not-call flags are honoured.
• Analytics — Aggregated, anonymised statistics are presented to the merchant in their dashboard (call success rates, recovery revenue).

5. Legal Basis for Processing

We process data on behalf of the merchant as a data processor. The merchant is the data controller responsible for ensuring a lawful basis exists for processing their customers' data. Typical lawful bases include:

• Legitimate interest (cart recovery outreach to recent customers).
• Consent (where collected at checkout via opt-in mechanisms).
• Contractual necessity (follow-up communications tied to the purchase contract).

6. Data Retention

• Call records and transcripts are retained for 90 days by default, or until the merchant deletes them via the dashboard.
• Customer records are retained for as long as the App is installed, then deleted within 30 days of uninstallation.
• Abandoned cart records are purged after 30 days or upon cart recovery, whichever is earlier.
• Backup copies may be retained for an additional 7 days in encrypted form.

7. Third-Party Sub-Processors

We share data with the following sub-processors to deliver the App's functionality:

Sub-processor	Purpose	Data transferred
Twilio / Exotel / Bolna	Telephony — placing and recording outbound voice calls	Customer phone number, call audio, call metadata
OpenAI	LLM inference for voice conversation and call transcript analysis	Call audio / text during the live call; no persistent storage by OpenAI per their API policy
PostgreSQL hosting provider	Primary database storage	All data categories listed in Section 3
Redis / Celery broker	Async task queue for scheduling calls	Transient job payloads (customer ID, cart ID); purged after job completion

All sub-processors are required to maintain appropriate technical and organisational security measures.

8. Security

• Shopify access tokens and third-party API keys are encrypted at rest using Fernet symmetric encryption.
• All data in transit is protected by TLS 1.2+.
• Webhook authenticity is verified using HMAC-SHA256 signatures.
• App access requires a valid Shopify session token (JWT) for every authenticated request.

9. GDPR / Data Subject Rights

Merchants can submit data subject requests (erasure, access, portability) through the Shopify Partner Dashboard or directly via the GDPR webhooks that the App processes automatically:

• customers/redact — permanently erases all records for a customer (calls, carts) in cascade.
• shop/redact — erases all shop and customer data within 48 hours of uninstall + 30-day grace period.
• customers/data_request — triggers a data export of all records associated with the customer.

These webhooks are handled at /api/shopify/gdpr/* and comply with Shopify's GDPR requirements.

10. Do-Not-Call & Opt-Out

Customers who wish to opt out of future calls may request the merchant mark them as do-not-call. The App stores a do_not_call flag per customer and will never initiate calls to opted-out numbers. Merchants are responsible for honouring opt-out requests in accordance with applicable telecom regulations.

11. Cookies

The App itself does not use cookies or tracking pixels. The Shopify Admin embed may use cookies as described in Shopify's Privacy Policy.

12. International Transfers

Data may be transferred to and processed in countries outside your jurisdiction (including the United States) where our sub-processors operate. Where required by law, we rely on Standard Contractual Clauses or equivalent transfer mechanisms approved by the relevant data protection authority.

13. Changes to This Policy

We will notify merchants of material changes to this Privacy Policy by updating the "Last updated" date at the top of this page and, where required, by sending a notice to the merchant's registered email address. Continued use of the App after the effective date constitutes acceptance of the revised policy.