Privacy Policy

At Zavtra ("we", "us", or "our"), we respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and protect data when you use our services, including our Shopify app.

1. Information We Collect

From Merchants (Shopify App Users):

• Store information (shop domain, store name, contact email) obtained via the Shopify API during app installation
• Shopify access tokens (AES-256 encrypted) to enable API access to your store
• Product catalog data synced from your Shopify store
• Billing information processed through Shopify's Billing API or Stripe

From Store Visitors (End Customers):

• Conversation messages submitted through the Zavtra chat widget
• Email address, if voluntarily provided during a conversation or escalation request
• Session identifiers to maintain conversation continuity

Technical Data:

• IP addresses, browser type, and operating system for security and performance monitoring

2. How We Use Your Data

Merchant data is used to:

• Provide and operate the Zavtra virtual sales assistant on your store
• Sync your product catalog to power AI-driven product recommendations
• Process billing and subscription management
• Send service-related communications

Store visitor data is used to:

• Generate AI-powered responses to customer queries
• Maintain conversation history for merchant review
• Enable escalation to human support when requested

We do not sell personal data to third parties. We do not use customer data for advertising or marketing purposes.

3. Shopify Data Use

Zavtra accesses Shopify store data solely to provide the app's core functionality. We access this data under the following Shopify API scopes:

• read_products — to sync your product catalog for AI responses

Data accessed through Shopify's API is processed in accordance with Shopify's Partner API License and Terms.

4. Third-Party Subprocessors

We share data with the following trusted providers:

OpenAI data sent via API is not used to train their public models per their enterprise privacy commitments.

5. Data Retention

• Conversation data is retained until the merchant deletes it or uninstalls the app
• Product catalog data is deleted when the merchant disconnects their Shopify store or requests erasure
• Account data is retained for 30 days after account deletion to allow for recovery, then permanently deleted
• Upon receiving a Shopify shop/redact webhook, all merchant and customer data is permanently deleted within 30 days

6. Data Deletion & Privacy Requests

Merchants can request deletion by:

• Uninstalling the Zavtra app from their Shopify admin (triggers automatic data cleanup)
• Emailing legal@zavtra.ai

Store customers can request data access or deletion by:

• Contacting the merchant directly. We fully support Shopify's mandated privacy webhooks (customers/redact and customers/data_request) to automatically process shopper data requests initiated through the Shopify admin.
• Contacting us directly at legal@zavtra.ai. We will respond within 30 days.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

• Right of access — request copies of your personal data
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your personal data
• Right to data portability — request transfer of your data
• Right to object — object to processing of your personal data

To exercise any of these rights, contact us at legal@zavtra.ai. We will respond within 30 days.

8. Security

• AES-256 encryption for sensitive data at rest (including Shopify access tokens)
• HTTPS/TLS encryption for all data in transit
• Firebase Security Rules for database access control
• Google Cloud Audit Logs for access monitoring
• Regular security reviews

In the event of a data breach affecting your personal data, we will notify affected merchants within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

9. Cookies

We use strictly necessary cookies for authentication and session management. For full details, see our Cookie Policy.

10. Changes to This Policy

We may update this policy periodically. We will notify merchants of significant changes via email. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact Us