🔒 ReplyGuru Privacy Policy

Last updated: March 26, 2026

1. Introduction

ReplyGuru ("we", "our", "us") is an AI-powered customer support suite for Shopify merchants. This Privacy Policy describes how we collect, use, and protect your data when you use our application.

2. Data We Collect

When you install ReplyGuru, we access the following Shopify data through authorized API scopes:

• Store information: Shop name, email, and domain
• Orders: Order details, fulfillment status, and tracking information (read-only)
• Products: Product titles, descriptions, inventory, and pricing (read-only)
• Customers: Customer names, emails, and purchase history

We also process:

• Customer support messages: Inbound emails and conversation threads
• Store policies: Refund, shipping, and exchange policies you configure
• AI-generated replies: Responses generated by our AI engine

3. How We Use Your Data

• Generate AI-powered customer support replies using Google Gemini API
• Detect shipping delays and send proactive notifications (DelayGuru)
• Automate return/exchange offers based on your policies (ReturnGuru)
• Provide analytics and performance dashboards

4. Data Storage & Security

• Data is stored in Google Cloud Firestore (US region)
• Shopify access tokens are encrypted with AES-256-GCM
• All communications use TLS 1.3 encryption
• Webhook payloads are verified using HMAC-SHA256
• We do not sell, rent, or share your data with third parties

5. AI Processing

Customer messages are processed by Google's Gemini API to generate reply suggestions. We send only the minimum data necessary (message content, relevant order data, and store policies). Google processes this data under their Data Processing Addendum and does not use it to train their models.

6. Data Retention

• Conversation data is retained while your app is installed
• AI usage logs are retained for 90 days for billing purposes
• Upon app uninstallation, we delete your access tokens immediately
• Upon GDPR deletion request, all associated data is permanently removed within 48 hours

7. GDPR Compliance

We comply with the EU General Data Protection Regulation:

• Data access: You can request all stored data at any time
• Data deletion: You can request complete data deletion
• Data portability: You can export your data in standard formats

We handle Shopify's mandatory GDPR webhooks:customers/data_request, customers/redact, and shop/redact.

8. Your Rights

You can:

• Uninstall the app at any time from your Shopify Admin
• Request data deletion by emailing us
• Control AI features and notification preferences in Settings

9. Contact

For privacy inquiries, data requests, or concerns:
📧 info@polenest.com
🌐 reply.polenest.com