Privacy Policy

Introduction

Ustam "the App" provides AI-powered customer support chat assistant service "the Service" to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

Personal Information the App Collects

We collect personal information directly from the relevant individual, through your Shopify account, and through the technologies described below.

Information Accessed from Your Shopify Account

When you install the App, we are automatically able to access certain types of information from your Shopify account:

• Store information — shop name, domain, email address, address, phone number, currency, and timezone; used to configure and identify your account
• Product catalog — product titles, descriptions, prices, variants, and inventory; used to power AI assistant responses
• Customer profiles — name and email address of customers who are actively logged in and using the chat; used solely to personalize the chat experience
• Order information — order status and details for logged-in customers who ask about their orders; used to provide accurate order support

Information Collected Directly from Merchants

When you create an account and use the App, we additionally collect:

• Registration information — name, email address, and billing information provided during sign-up
• Usage and analytics data — feature usage, conversation volumes, and performance metrics used to operate and improve the Service
• Device and browser information — IP address, browser type, and time zone collected when you access the admin dashboard

Information from Merchant Customers (Chat Users)

When end customers use the chat assistant on a merchant's store, we collect minimal personal data:

• Name — only when the customer is logged in to the merchant store
• Email address — only when the customer is logged in to the merchant store
• Conversation messages and content exchanged during the chat session
• Current page context — the page type (e.g. product, collection, home) and page path the customer is currently viewing on the storefront; used to provide relevant chat assistance. Page navigation events are recorded in the conversation to help support staff understand the customer's browsing context.
• Cart summary — the number of items, total price, and product titles in the customer's shopping cart; used to provide cart-aware assistance. Cart data is not stored beyond the active chat session.

Note: We do NOT collect addresses, phone numbers, payment information, or order data beyond what is needed to answer a specific support query. Personal data is limited to name and email address, and only when these are made available by the merchant store. Cart data (item count, total, and product titles) is used only during the active chat session and is not persisted.

Tracking Technologies

We collect information using the following technologies when you access the App or the merchant-facing dashboard:

• "Cookies" are data files placed on your device or computer that often include an anonymous unique identifier. For more information about cookies and how to disable them, visit http://www.allaboutcookies.org.
• "Log files" track actions on the site and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
• "Web beacons," "tags," and "pixels" are electronic files used to record information about how you browse the site.

How Do We Use Your Personal Information?

We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Additionally, we use this personal information to:

• Provide, maintain, and improve the App and the Service
• Communicate with you about your account, billing, and updates to the Service
• Analyze usage patterns to enhance the user experience and develop new features
• Detect and prevent fraud, abuse, and security incidents

Sharing Your Personal Information

We do not sell your personal information. We may share your information only with the following parties and in the following circumstances:

• AI service providers (such as Anthropic) — conversation data is shared to generate assistant responses. These providers process data solely on our behalf under strict confidentiality obligations.
• Infrastructure and hosting providers — cloud database and server providers used to store and process data on our behalf.
• Legal compliance — when required by applicable law, regulation, court order, or to protect the rights and safety of Ustam or others.
• Business transfers — in connection with a merger, acquisition, financing, or sale of all or a portion of our assets.

Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption at rest and in transit, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Data Retention

We retain your personal data only for as long as necessary to provide our services. Personal data is automatically deleted when:

• You request deletion of your personal data
• A shop uninstalls our app — all shop and related data is deleted within 48 hours of uninstallation
• The data is no longer needed for the purpose for which it was collected

Data Deletion When You Uninstall

When you uninstall the Ustam app from your Shopify store, Shopify sends us a compliance webhook (shop/redact) 48 hours after uninstallation. Upon receiving this webhook, we permanently delete your shop record and all associated data. This includes: store information and settings, all conversations and messages, AI assistants and their configurations, product and recommendation data we cached, subscriptions and service connections, and related files (e.g. assistant logos). We also remove any external resources linked to your shop (e.g. search indexes). We do not retain your data after uninstall except as needed for backups (see below).

Backup copies are retained for up to 30 days and are automatically purged after this period.

Your Rights

You have the right to:

• Access and receive a copy of your personal data
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data
• Opt out of certain data collection or processing practices

European Residents

If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us using the details below. We note that we process your information in order to fulfill contracts we might have with you, or otherwise to pursue our legitimate business interests described above.

Please note that your information may be transferred outside of Europe, including to the United States, where it will be processed in accordance with this Privacy Policy.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Note that refusing cookies may affect the functionality of certain parts of the App.

Changes

We may update this privacy policy from time to time in order to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at info@ustam.ai or by mail using the details below:

Email: info@ustam.ai