Privacy policy
This policy explains how Always Awake processes information when a Shopify merchant installs the app and when a visitor uses its storefront sales guide.
Information we process
- Shop domain, app configuration, granted access scopes and Shopify authentication sessions.
- Published store information the merchant authorises us to read, including products, inventory, pages, articles, policies, menus, public metaobjects, markets, locales and delivery configuration.
- Anonymous storefront identifiers, page context, chat messages, recommendation events and cart interactions needed to provide and measure the service.
- Brand images uploaded by the merchant, plus filenames, media types and sizes.
- Token counts, model name, error and operational records needed to monitor reliability and control cost. We hash network addresses for short-lived abuse prevention and do not store the original address in the app database.
How we use information
We use information to authenticate the merchant, answer shopper questions, recommend relevant products, restore recent conversations, display analytics, prevent abuse, provide support and comply with law. We do not sell personal information or use merchant or shopper data to train our own general-purpose model.
AI processing and service providers
Relevant shopper questions and selected store context are sent to Google’s Gemini API to generate an answer. Shopify provides store access, authentication, billing and app delivery. Netlify provides hosting, managed database and object storage. These providers process data under their own contractual security and privacy commitments.
Retention and deletion
Merchants choose retention periods between 30 and 365 days for anonymous conversation and journey data. The default is 90 days for conversations and 365 days for aggregated journey events. Merchants can delete interaction data immediately from Settings. Uploaded brand assets are retained until replaced, removed with the app’s shop data, or deletion is requested. Shopify shop-redaction requests delete all shop-owned app records.
Security and access
We use signed Shopify app-proxy requests, server-side credentials, per-store data isolation, encrypted HTTPS transport, managed infrastructure, rate limits and least-privilege Shopify access. No internet service can guarantee absolute security.
Your choices
Merchants can change retention, export conversation data, disable the storefront widget or uninstall the app. Store visitors should contact the merchant first because the merchant controls the storefront relationship. We will support lawful access, correction or deletion requests.
International processing and changes
Providers may process information outside the United Kingdom. Appropriate contractual and technical safeguards are used where required. We may update this policy as the service or law changes; the effective date will show the latest version.
Email hello@neat.digital with the store domain and the nature of the request.