Privacy Policy

Last updated: March 30, 2026

1. Introduction

RMS Shop Assistant ("we", "our", or "the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our Shopify application.

2. Information We Collect

2.1 Store Information

When you install our app, we access and store:

Store name and domain
Product catalog information (titles, descriptions, prices, images)
Store policies (shipping, returns, privacy)
Basic store settings and locale information

2.2 Customer Interaction Data

When customers interact with the chat assistant, we collect:

Chat conversation content (questions and responses)
Session identifiers (anonymous)
Product context (which product page they're viewing)
Customer email (only if voluntarily provided during escalation)

2.3 WhatsApp Integration Data

If a merchant enables WhatsApp notifications, we collect and store:

WhatsApp Business Account credentials (Phone Number ID and access token)
Staff notification phone number
WhatsApp message IDs (for reply correlation)
Inbound reply content from merchant staff via WhatsApp

Access tokens are encrypted at rest using AES-256-GCM before storage. We do not access or store end-customer WhatsApp phone numbers or profiles.

2.4 Usage Analytics

We collect aggregated, anonymous usage statistics including:

Number of conversations
Response times
Escalation rates

3. How We Use Information

We use collected information to:

Provide AI-powered customer support responses
Improve response accuracy and relevance
Generate analytics for store owners
Process escalation requests
Deliver escalation notifications via WhatsApp when enabled by the merchant
Correlate merchant replies received via WhatsApp with the original escalation
Maintain and improve our service

4. Data Sharing

We do not sell your data. We share data only with:

Anthropic (Claude AI): Conversation content is sent to Anthropic's API to generate responses. Anthropic's privacy policy applies to this processing.
Meta (WhatsApp Business Platform): When WhatsApp notifications are enabled, escalation details (shop name, category, question excerpt) are sent via the Meta Cloud API to deliver WhatsApp messages. Meta's privacy policy applies to message delivery and storage on their platform.
Service providers: Email delivery (for escalation notifications) and hosting infrastructure.

5. Data Retention

Conversation data: Retained for 90 days, then automatically deleted
Store data cache: Refreshed daily, deleted upon app uninstallation
Analytics: Aggregated data retained for 12 months
WhatsApp messages: Message records (IDs and reply content) are retained alongside escalation data and deleted upon app uninstallation or GDPR data deletion requests
WhatsApp credentials: Encrypted access tokens are deleted immediately upon app uninstallation

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS), secure database storage, and access controls. WhatsApp Business access tokens are encrypted at rest using AES-256-GCM. We regularly review and update our security practices.

7. GDPR Compliance

For EU users, we comply with GDPR requirements:

Right to access: Request a copy of your data
Right to deletion: Request deletion of your data
Right to portability: Receive your data in a portable format
Right to rectification: Correct inaccurate data

To exercise these rights, contact us at info@reedmace.net

8. CCPA Compliance

For California residents:

We do not sell personal information
You may request disclosure of data collected
You may request deletion of your data

9. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated through the app or via email to store owners.

11. Contact Us

For privacy-related questions or requests:
Email: info@reedmace.net