Privacy Policy

AIrise is an AI visibility tool for Shopify merchants. When you install AIrise on a Shopify store, we collect only the information necessary to generate llms.txt files, AI-optimized product feeds, JSON-LD schemas, and AI visibility scoring. Specifically, we collect:

• Store information. The store’s Shopify domain (e.g. example.myshopify.com), primary custom domain, store name, shop description, country, province/state, city, currency, and primary locale, as returned by the Shopify Admin API at install and during sync.
• Product catalog. Product titles, descriptions, handles, prices, compare-at prices, variants, images, tags, vendor, product type, availability status, and the canonical product URL. This catalog data is used to build AI-readable feeds and structured data.
• Order metadata. Non-identifying order-level metadata (such as aggregate currency and catalog activity signals used for scoring) may be collected. AIrise does not request or store customer personal data, payment details, shipping addresses, or individual order line items.
• Installation and authentication data. The Shopify access token issued to AIrise for your store, the OAuth scope granted, install/uninstall timestamps, and the merchant email used to create an AIrise account (automatically derived from the shop domain when you install via Shopify).
• Operational logs. Timestamps of API calls, job runs (sync, feed generation, schema generation, visibility scans), and error messages, retained for troubleshooting and abuse prevention.

AIrise does not collect customer personal data, email addresses of shoppers, payment card data, buyer IP addresses, or any special-category data (health, biometric, political, religious, etc.). AIrise is a merchant-facing tool only.

• Database. All merchant data is stored in a managed PostgreSQL database hosted on Abacus.AI infrastructure. Data is encrypted in transit (TLS 1.2+) and at rest using industry-standard AES-256 encryption provided by the database host.
• Access tokens. Shopify access tokens are stored server-side only and are never exposed to the client browser.
• Access controls. Database access is restricted to authorised AIrise production systems over private network connections. No shared administrative credentials are distributed.
• Data location. Data is hosted on US-based cloud infrastructure operated by Abacus.AI. Where you are located in the European Economic Area (EEA) or the United Kingdom, transfers are performed under appropriate safeguards (see Section 6).
• Retention. We retain your data only for as long as the app is installed on your store. Uninstalling triggers automatic deletion as described in Section 5.

Access to merchant data is strictly limited to:

• You, the merchant. The Shopify user(s) who installed AIrise can view and manage their store’s data from the AIrise dashboard.
• AIrise operations personnel. A minimal number of authorised AIrise staff may access production data solely for the purposes of operating the Service, providing support, enforcing the terms of service, and meeting legal obligations. All staff are bound by confidentiality obligations.

We do not sell your data. We do not share, rent, trade, or license merchant data to third parties for advertising, profiling, training third-party AI models, or any other commercial purpose. AIrise uses your data only to provide the Service to you.

The following limited third-party sub-processors are used strictly to operate the Service on our behalf:

• Shopify, Inc. — source of your store, product, and installation data (under your existing agreement with Shopify).
• Abacus.AI — application hosting, PostgreSQL database hosting, and the large language model API used to generate AI-optimised descriptions. Product text sent to the LLM is not used to train third-party foundation models.

We use the information described in Section 1 only for the following purposes:

• To generate your store’s llms.txt file, AI feed, JSON-LD schemas, and visibility score.
• To keep your data synchronised with Shopify via webhooks (product create/update/delete, app uninstall).
• To authenticate you into the AIrise dashboard.
• To monitor, maintain, and improve the reliability and security of the Service.
• To respond to support requests and comply with legal obligations.

We do not perform automated decision-making that produces legal or similarly significant effects on any data subject.

Uninstalling the AIrise app from your Shopify admin triggers automatic deletion of your data. When Shopify sends the app/uninstalled webhook to AIrise, we:

• Mark the store as uninstalled and revoke the stored access token.
• Delete the store’s generated feeds and the imported product records associated with the store.
• Remove any cached content (llms.txt, ai-feed.json, JSON-LD) so that public AIrise URLs for the store stop resolving.

Residual operational logs and backups are purged on a rolling 30-day cycle. After that period, no identifiable merchant data remains on AIrise systems.

You may also request deletion at any time, without uninstalling, by emailing [email protected] from the address associated with your AIrise account or from the merchant email registered with your Shopify store. We will confirm the request, complete the deletion within 30 days, and notify you when it is done.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (EU) 2016/679 and the UK GDPR apply to our processing of personal data relating to you as a merchant.

• Roles. For data you as a merchant provide or authorise (store information, catalog, access token), AIrise acts as a data processor, processing on your behalf as the data controller. For the limited account data AIrise needs to operate the Service (your AIrise user record, audit logs), AIrise acts as a data controller.
• Legal bases. Our lawful bases are: (a) performance of a contract with you (Art. 6(1)(b) GDPR); (b) compliance with legal obligations (Art. 6(1)(c)); and (c) our legitimate interests in securely operating and improving the Service (Art. 6(1)(f)).
• Your rights. You have the right to access, rectify, erase, restrict processing of, and port your personal data, and to object to processing based on legitimate interests. You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.
• International transfers. Where data is transferred outside the EEA/UK, we rely on the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) with our hosting sub-processors.
• Shopify Protected Customer Data. AIrise does not request level 1 or level 2 protected customer data scopes and does not process end-customer personal data. This minimises the scope of personal data handled by AIrise.

To exercise any of the rights above, contact us at [email protected]. We will respond within 30 days.

The AIrise dashboard uses a single strictly-necessary session cookie (issued by NextAuth.js) to keep you signed in. AIrise does not use tracking cookies, advertising cookies, or third-party analytics trackers.

The Service is offered to businesses and is not directed to children. We do not knowingly collect personal data from children under the age of 16.

In the unlikely event of a personal data breach affecting your data, we will notify affected merchants without undue delay and, where required, the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR.

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Effective date” at the top of this page and, where appropriate, by notice in the AIrise dashboard or by email to the merchant address on file.

If you have any questions about this Privacy Policy or how AIrise handles your data, please contact us:

• Email: [email protected]
• Website: https://airise.app

For data protection requests, please mark your email subject line with “Data Request” and include the Shopify store domain associated with your account so we can verify and action the request promptly.