SupportifySupportify
Install for FreeInstall for Free

Privacy Policy

Last updated: March 2026

1. Introduction

Supportify AS ("Supportify", "we", "us", or "our") operates the Supportify AI platform and the Supportify Shopify application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our email channel integrations with Google Gmail, Microsoft Outlook, and other third-party services.

2. Information We Collect

For Merchants (Our Customers)

  • Account information: email address, store name, Shopify store URL
  • Billing information processed through Shopify's billing system
  • Chatbot configuration and knowledge base content you provide
  • Usage analytics (session counts, feature usage)

For End Customers (Shoppers)

  • Chat messages sent through the Supportify widget
  • Email addresses (only when voluntarily provided for email verification)
  • Session metadata (browser type, approximate location from IP)

For Connected Email Channels (Gmail, Outlook)

When a merchant connects an email inbox (such as Gmail or Outlook) to Supportify, we access the following data from that inbox:

  • Inbound email messages received in the connected inbox (sender address, subject line, message body, and attachments up to 10 MB)
  • Email metadata such as message headers, thread IDs, and labels, used to maintain conversation threading and avoid processing duplicate messages
  • Account profile information (email address and display name) to identify the connected account

We do not access emails outside the connected inbox (e.g., Drafts, Spam, or Sent folders are not read). We only read new incoming messages that arrive after the integration is connected.

3. How We Use Your Data

Chat Widget Data

Chat messages are processed by Anthropic's Claude AI models to generate customer support responses. Messages are sent to Anthropic's API for processing but are not stored by Anthropic or used for model training.

Email Channel Data (Gmail, Outlook)

We use data from connected email inboxes solely for the following purposes:

  • Reading inbound customer emails to generate AI-powered support responses on behalf of the merchant
  • Sending reply emails back to customers, threaded under the original conversation
  • Marking emails as read after processing to prevent duplicate responses
  • Filtering automated emails (e.g., newsletters, bounce notifications) to avoid responding to non-customer messages

Email data is processed in real time. We store the message content in our database to maintain conversation history for the merchant and to provide context for follow-up messages within the same thread.

4. Data Storage and Security

All data is processed on servers located in the EU (Stockholm region), hosted on Fly.io. OAuth access tokens and refresh tokens for connected email accounts are encrypted using AES-256-GCM encryption at rest. We use TLS encryption for all data in transit.

5. Data Retention

Chat sessions, chat messages, and associated data (including email conversation content) are automatically deleted after 90 days in compliance with GDPR and Shopify data protection requirements.

When a merchant disconnects an email channel, the OAuth credentials (access and refresh tokens) are immediately deleted from our systems. Conversation history from that channel is retained for the remainder of the 90-day period unless the merchant requests earlier deletion.

Billing records are retained for the legally required period for accounting purposes.

6. Data Sharing

We share data with the following third-party services strictly to provide the Service:

  • Anthropic (Claude AI) — chat and email messages are sent to Anthropic's API to generate AI responses. Anthropic does not use this data for model training.
  • Shopify — billing data and store information are exchanged through Shopify's app platform.
  • Google (Gmail API) — when a merchant connects Gmail, we interact with Google's API to read and send emails on the merchant's behalf.
  • Microsoft (Graph API) — when a merchant connects Outlook, we interact with Microsoft's API to read and send emails on the merchant's behalf.

We do not sell, rent, or share your data with advertisers, data brokers, or any third parties for marketing, advertising, or profiling purposes.

7. Google API Services — Limited Use Disclosure

Supportify's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we:

  • Only use Gmail data to provide and improve the AI customer support features visible in the application's user interface
  • Do not transfer Gmail data to third parties except as necessary to provide the Service (i.e., sending message content to Anthropic's API for AI response generation), for security purposes, or to comply with applicable laws
  • Do not use Gmail data for serving advertisements or for retargeting, personalized, or interest-based advertising
  • Do not allow humans to read Gmail data unless: (a) the merchant has given affirmative consent to view specific messages (e.g., reviewing a conversation in the admin dashboard), (b) it is necessary for security purposes (e.g., investigating abuse), or (c) it is required to comply with applicable law

8. Revoking Access to Connected Email Accounts

Merchants can disconnect a connected email account at any time through the following methods:

  • From the Supportify app: Navigate to the Channels section in the Shopify admin and click "Disconnect" on the email integration. This immediately deletes the stored OAuth credentials and stops all email processing.
  • From Google Account settings: Visit myaccount.google.com/permissions and remove Supportify's access. We will detect the revocation on our next sync attempt and automatically deactivate the integration.
  • From Microsoft Account settings: Visit your Microsoft account app permissions page and remove Supportify's access.

Upon disconnection or revocation, all stored OAuth tokens are immediately and permanently deleted from our database. Conversation history from the channel is retained for the remainder of the standard 90-day retention period.

9. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict processing of your personal data
  • Data portability
  • Object to processing

Shopify merchants can also submit data requests through Shopify's GDPR webhook system, which we process automatically.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify affected users of any material changes before they take effect. Continued use of the Service after changes are published constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions, to exercise your rights, or to request deletion of your data, contact us at: support@supportify.no

Supportify AS
Tordenskiolds gate 2
0160 Oslo, Norway