SupportifySupportify
Install for FreeInstall for Free
Back to Documentation

Privacy & Data

How we handle your data, comply with GDPR, and what happens when you uninstall.

1

Data Retention

Supportify automatically deletes chat data to comply with GDPR and Shopify's data protection requirements:

Important

If you need to keep conversation records longer than 90 days, export them before they're automatically deleted. There is no way to recover deleted conversations.

2

What Data We Collect

From you (the merchant)

  • Account information (email, store name, store URL)
  • Billing information (processed through Shopify — we never see your credit card)
  • Chatbot configuration and knowledge base content you upload
  • Usage analytics (session counts, feature usage)

From your customers (shoppers)

  • Chat messages sent through the Supportify widget
  • Email addresses (only when voluntarily provided for email verification or order lookup)
  • Session metadata (browser type, approximate location from IP address)

AI processing

Chat messages are sent to AI providers (Anthropic or OpenAI) for processing. These providers do not use your data for model training. We process data on servers located in the EU (Stockholm region).

3

Customer Email Verification

When customers want to access order data through the chat, they need to verify their email address first. This protects your customers from unauthorized access to their order information.

How it works:

  1. Customer provides their email address.
  2. We send a verification code to that email.
  3. Customer enters the code in the chat.
  4. If the code matches, the AI can access order data for that email.

Customers get a maximum of 3 attempts to enter the correct code, and codes expire after 5 minutes.

4

GDPR Rights

Under GDPR, both you and your customers have specific data rights:

  • Right to access — Request a copy of all personal data we hold.
  • Right to deletion — Request that personal data be erased.
  • Right to rectification — Request corrections to inaccurate data.
  • Right to data portability — Receive data in a machine-readable format.
  • Right to restrict processing — Limit how data is used.
  • Right to object — Object to specific types of processing.
5

Requesting Data Exports

You can request a data export from the Privacy section of the Supportify app (or contact us directly). The export includes:

  • All customer chat sessions and messages
  • Support tickets
  • Customer data stored in our system
  • Billing records

The export is provided as a ZIP file and is available for download for 30 days.

6

What Happens When You Uninstall

If you uninstall Supportify from your Shopify store, here's what happens:

  1. The chat widget disappears from your storefront immediately.
  2. Your data is deleted — all chat sessions, messages, chatbot configurations, tools, and customer data are removed from our servers.
  3. Billing stops — your Shopify subscription is cancelled and no further charges are made.
  4. Knowledge base documents are deleted — any uploaded files are removed.
  5. OAuth connections are revoked — if you connected Gmail or Outlook, those connections are cleaned up.

This is permanent

Data deletion on uninstall is irreversible. If you reinstall later, you'll start fresh. Export any data you need before uninstalling.

7

Security Practices

A quick overview of how we keep your data safe:

  • Encryption at rest and in transit — All data is encrypted. OAuth tokens (Shopify, Gmail, Outlook) are encrypted with AES-256.
  • EU hosting — Data is processed on servers in the EU (Stockholm region).
  • No credit card storage — All billing goes through Shopify. We never see or store payment information.
  • Rate limiting — API endpoints are rate-limited to prevent abuse.
  • Audit logging — Billing operations and data access are logged for compliance.
  • Webhook verification — All Shopify webhooks are verified using HMAC signatures.

Questions about your data?

If you have any questions about privacy, data handling, or want to exercise your GDPR rights, we're happy to help.

Read our full Privacy Policy →Contact us →
Integrations