Privacy Policy
Last updated: April 1, 2026
MerchantOS: Visitor Intent ("the App") is operated by Nepila ("we", "us", "our"). This policy describes how we collect, use, and protect data when merchants install and use the App on their Shopify stores.
1. Data We Collect
From storefront visitors (on behalf of merchants):
- Behavioral events — page views, product views, cart actions, checkout steps, search queries, scroll depth, and time on page. These are collected through a Shopify web pixel and an optional theme app extension.
- Device information — browser type, screen resolution, language, and device category (desktop/mobile/tablet). IP addresses are hashed (SHA-256, truncated) and never stored in plain text.
- Customer identity — if a visitor is a logged-in customer or completes checkout, we may receive their name and email address from Shopify's customer data APIs.
- Chat messages — if a visitor uses the live chat widget, their messages are stored to enable the conversation.
From merchants:
- Shopify store data — shop domain, shop name, and an OAuth access token (encrypted at rest) to access Shopify APIs on your behalf.
- Order and product data — read-only access to orders and products for visitor enrichment and intent scoring.
2. How We Use Data
- Visitor intent scoring — behavioral events are analyzed to calculate a purchase-intent score for each visitor, helping merchants focus on high-intent shoppers.
- AI-powered analysis — anonymized visitor behavior summaries are sent to an AI service (DeepSeek) to generate human-readable insights. No personally identifiable information (PII) is included in AI requests.
- Email offers — if a merchant chooses to send an offer, we generate a Shopify discount code and send the email via Resend (our email provider). This only happens with explicit merchant action.
- Live chat — messages are stored to enable real-time merchant-customer communication.
- Dashboard and analytics — aggregated data is displayed to merchants through the App's dashboard.
3. Data Sharing
We do not sell, rent, or share visitor data with third parties for advertising purposes. Data is only shared with:
- AI analysis provider (DeepSeek) — anonymized behavioral summaries only, no PII.
- Email provider (Resend) — only when a merchant explicitly sends an email offer to a customer.
- Shopify — as required by the Shopify platform (webhooks, API callbacks).
4. Data Retention
- Raw events are automatically deleted after 90 days.
- Inactive visitors (low intent, no purchase, no chat or outreach) are automatically deleted after 180 days.
- Converted customers and visitors with active chat/outreach history are retained until the merchant or customer requests deletion.
- Merchants can manually delete any visitor's data at any time from the dashboard.
5. Data Security
- All communication between the App and Shopify uses HTTPS/TLS encryption.
- Shopify OAuth access tokens are encrypted at rest using Fernet symmetric encryption.
- Session cookies are signed with HMAC-SHA256 and are HttpOnly and Secure in production.
- CSRF protection is enforced on all state-changing requests.
- IP addresses are hashed before storage — we never store raw IP addresses.
- Admin access is password-protected with session-based authentication.
6. GDPR and Data Subject Rights
We fully support GDPR and Shopify's mandatory privacy webhooks:
- Data access requests — when a customer requests their data, we compile a complete export of all visitor records, events, insights, and outreach associated with their identity.
- Customer data deletion — when a customer requests deletion, we permanently remove all their data including visitor records, events, insights, chat messages, and outreach records.
- Shop data deletion — when a merchant uninstalls the App or requests shop-level deletion, we remove all data associated with that store, including all visitors, events, and the merchant record itself.
These requests are processed automatically via Shopify's webhook system.
7. Cookies and Local Storage
- The App uses a session cookie (merchantos_session) for merchant dashboard authentication. It is HttpOnly, Secure, and SameSite=Lax.
- On the storefront, a localStorage key (merchantos_session_id) is used to track visitor sessions across page navigations. This is not a tracking cookie and contains only a random session identifier.
- No third-party tracking cookies are used.
8. Merchant Responsibilities
By installing the App, merchants acknowledge that:
- They have a lawful basis for collecting visitor behavioral data on their storefront (e.g., legitimate interest for analytics).
- They will disclose the use of analytics tools like this App in their own store's privacy policy.
- They are responsible for responding to their customers' privacy inquiries related to their store's data practices.
9. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions or data requests, contact us at:
Email: nepilanep@gmail.com