RoMuAI – Privacy Policy

Last updated: [2025-10-02]

RoMuAI (“we”, “us”, “our”) provides an AI customer support application for Shopify merchants (“Merchants”). This policy explains how we collect, use, and share information when you install, access, or use our app and dashboard.

If you have questions, contact us at support@romuai.com or by mail at.

1) What data we process

a) Merchant & account data

  • Contact and account details you provide (name, email, store URL, role).

  • Subscription and billing metadata from Shopify (no full card numbers).

b) Store data we access from Shopify

  • Required for core functionality: product catalog (titles, descriptions, variants, inventory), collections, store settings, languages.

  • Optional / if you grant scopes or approval: order metadata and customer data (name, email, phone, shipping/billing address) only when necessary for customer support features and only after you grant the relevant Shopify permissions and (where applicable) Shopify’s Protected Customer Data approval.

c) Conversation & events

  • By default: we do not permanently store end-customer chat transcripts on our servers.

  • Merchant-configurable (optional): you may enable limited logging for quality/analytics. If enabled, we store message events and bot responses for up to 30 days (or the period you configure) and then delete them.

  • We do keep technical logs (request IDs, timestamps, error messages) for up to 30 days for security and troubleshooting.

d) Configuration data

  • Prompts, response rules, language settings, and knowledge snippets you add in the dashboard.

  • These are stored in AWS DynamoDB in [AWS region] until you delete them.

2) Sources of data

  • You (Merchant) and your authorized users.

  • Your Shopify store via the Shopify Admin/API and webhooks (after you install the app and approve scopes).

  • If enabled, third-party model providers to generate AI responses (see Sub-processors).

3) Purposes & legal bases (GDPR/UK GDPR)

PurposeExamplesLegal basisProvide the app & AI responsesRender answers from your catalog/rules; operate the chat widgetPerformance of contract (Art. 6(1)(b))Improve & secure the serviceDebugging, fraud/abuse prevention, analytics on aggregated dataLegitimate interests (Art. 6(1)(f))ComplianceTax, accounting, legal requestsLegal obligation (Art. 6(1)(c))Optional logging/marketingIf you enable logging or subscribe to updatesConsent (Art. 6(1)(a))

4) Retention

  • Product/config data: until you delete it or close your account.

  • Technical logs: 30 days.

  • Optional chat/event logs (if enabled): up to 30 days (configurable).

  • Backups: up to 30 days rolling backup.

5) Sharing & sub-processors

We share data only to operate the service:

  • Shopify Inc. – platform & integration.

  • Amazon Web Services (AWS) – hosting & database (DynamoDB) in [AWS region].

  • LLM provider – to generate responses (e.g., [LLM provider]; prompts and necessary context are transmitted; we disable training with your data where the provider offers that control).

  • Analytics/error monitoring vendors (if used) with minimal data.

Current sub-processor list and regions are available on request at support@romuai.com.

We do not sell personal data.

6) International transfers

Where data leaves your country/region, we rely on recognized transfer mechanisms (e.g., Standard Contractual Clauses) and apply appropriate safeguards.

7) Security

  • TLS in transit; encryption at rest for stored data.

  • Principle of least privilege; access controls & audit logging.

  • Segregated environments for test and production.

8) Your choices & rights

  • You can disable optional logging at any time.

  • You can edit or delete configurations and knowledge.

  • EU/UK/EEA residents: right to access, rectify, erase, restrict, object, and data portability.

  • California residents: rights under CCPA/CPRA (access, deletion, correction, opt-out of “sale/sharing”; we do not sell personal data).
    Request by emailing support@romuai.com. We will verify and respond within statutory timelines.

9) Children

Our app is for business use and not directed to children under 16. We do not knowingly collect children’s data.

10) Data from end-customers

When you (Merchant) use RoMuAI to interact with your customers, you are the controller of that personal data. We act as your processor and process such data only on your documented instructions and in accordance with this policy and our Terms/Data Processing Addendum.

11) Cookies

The public chat widget generally does not set cookies beyond what is necessary for session/anti-abuse. Our dashboard may use essential cookies (authentication, security) and, if you enable analytics, strictly necessary analytics cookies.

12) Deleting your data / uninstalling

  • Uninstalling the Shopify app revokes our API access.

  • We remove residual store-linked data and tokens within 30 days of uninstall, except where we must retain minimal logs for fraud/security or legal obligations.

13) Changes

We may update this policy from time to time. We will post the new version with an updated date and, where required, notify you.

Contact:
RoMuAI – support@romuai.com
[RoMuAI Technologies], [Muradiye Mh.BESIKTAS], [TURKEY/ISTANBUL]