PrudiX

Privacy Policy

Last updated: 2026-06-13

This policy explains what PrudiX Commerce - our single Shopify app - collects, why, where it goes, and how long we keep it. It matches the Protected Customer Data declaration we submit to Shopify's Partner Dashboard, so what's described here is what's actually wired in code.

1. Who we are

PrudiX ("we", "us", "our") publishes PrudiX Commerce on the Shopify App Store. You can reach us at support@prudix.app.

2. What we collect from your shop

When you install PrudiX Commerce, we collect:

  • Shop identity - your myshopify.com domain and a Shopify-issued access token (Fernet-encrypted at rest)
  • Product catalog - titles, descriptions, vendor, images, metafields under our prudix_* namespaces, inventory levels, prices
  • Reviews - review text and ratings from your Judge.me or Shopify Reviews integration (used to generate ad copy, FAQs, and descriptions)
  • Order line items, return reasons, checkout events - used for Sales Leak Finder, Customer Retention Operator, and Inventory & Cash Flow Operator analytics. Shopify scrubs PII (name, email, phone, address) from these webhook payloads before delivery, and we never re-fetch the scrubbed fields.
  • Customer first names (Retention Operator only) - live-fetched, never stored. Used to display the cohort dashboard and personalize merchant-side retention copy.
  • Shopper questions (AI Concierge only) - typed product questions from the PDP widget. Stored for 30 days under an opaque session_hash that is not tied to any Shopify customer record.
  • Generated outputs - ad copy, FAQs, descriptions, content kits, AI Concierge answers we produced for you
  • Usage logs - which features you use, which AI model was selected, generations consumed, token counts, cost (USD)
  • Billing state - plan tier, status (active / trial / cancelled), Shopify billing events

3. What we don't collect

  • Your customers' names, emails, phone numbers, or addresses (except the single first-name carve-out above)
  • Payment card information - Shopify handles all billing directly under their App Billing API
  • Behavioral tracking of your storefront shoppers - the AI Concierge widget uses an opaque per-session hash that is cleared on browser close and never linked to a Shopify customer record
  • Anything we use to train AI models - see Section 5

4. How we use it

We process the data above for two purposes only:

  • Analytics - computing per-SKU return rates, cohort scoring, inventory velocity, content gaps, and the metrics surfaced in your dashboard and four weekly digests
  • Marketing or advertising - generating AI-written product descriptions, FAQs, ad copy, retention messages, and clearance email bodies for content you publish or send via your own ESP

We do not sell or share your data, we do not use it for any other purpose, and we do not let third parties use it to advertise to you.

5. Third-party processors

The following processors handle data on our behalf:

  • OpenAI and Anthropic - we send selected prompts (including your product, review, and order metadata) to their APIs to generate content. Both providers commit not to train on API data by default.
  • Supabase - hosts our PostgreSQL database (US region, AES-256 encryption at rest, automated encrypted backups)
  • Railway - hosts our application servers
  • Postmark - sends the four weekly digest emails (Sales Leak, Retention, Inventory, AI Concierge) to merchant owners
  • Sentry - error monitoring; sensitive headers are scrubbed before events are recorded

6. Data retention

  • While your subscription is active, your data is retained for as long as it's useful to deliver the service
  • AI Concierge shopper questions are retained for 30 days from the moment the question was asked, then auto-purged
  • When you uninstall, your Shopify access token is revoked immediately and a 30-day data retention window begins
  • At the end of the 30-day window, all your shop data is permanently purged from our database, including all seven AI Concierge tables
  • On a Shopify shop/redact webhook, we purge immediately rather than waiting 30 days

7. GDPR / CCPA rights

We support all three Shopify-mandated GDPR webhooks (customers/data_request, customers/redact, shop/redact) and they are wired to real handlers - not stubs. You can request your data export, data deletion, or any other rights request by emailing support@prudix.app; we respond within Shopify's mandated window.

8. Security

  • Shopify access tokens encrypted at rest using Fernet symmetric encryption
  • Database at rest encrypted via Supabase AES-256 (managed)
  • All HTTP traffic over TLS
  • Internal admin dashboard behind HTTP Basic Auth (2FA via TOTP planned before public launch)
  • Application-level access scoped per shop - no cross-shop data leakage
  • Encrypted automated database backups
  • Documented incident-response flow (identify → contain → purge via shop/redact → notify Shopify + affected merchants → remediate)

9. Changes

We'll update this page when our practices change. Material changes will be communicated to active merchants by email at least 14 days before they take effect.

10. Contact

Privacy questions: support@prudix.app.