Skip to content
Contact us

Privacy Policy

Effective Date: 2025/06/11

Backoffice AI, LLC (“Company,” “we,” “us”) respects your privacy and is committed to protecting the personal information that you share with us. This Privacy Policy (the “Policy”) explains how we collect, use, and disclose personal data, whether you are visiting our website, using our services, or interacting with any other aspect of our business, including our Shopify application. This policy applies to all subsidiaries, business units, and personal data processing activities under the responsibility of Backoffice AI, LLC. 

  1. Welcome 

1.1 Your privacy is important to Backoffice AI, LLC. This Policy is intended to help you understand how we, as the data controller, collect, use, and disclose the personal data you provide to us when visiting our website, using our services, or installing our Shopify application. 

1.2 Where we provide the Services under contract with a legal entity (for example, your employer), that organization controls the personal data processed by the Services. 

1.3 Global Shopify Merchant Support: While our primary operations are US-based, we provide services to Shopify merchants worldwide. When processing data for merchants in the European Economic Area (EEA), United Kingdom, or other regions with specific data protection requirements, we implement additional safeguards: 

  • Standard Contractual Clauses for international data transfers 
  • Enhanced consent mechanisms where required by local law 
  • Compliance with regional data retention requirements 
  • Local data subject rights fulfillment procedures 

We work closely with merchants to ensure compliance with their local data protection obligations. 

1.4 If you do not agree with this Policy, do not access or use our Services or interact with any other aspect of our business. 

  1. Shopify App Store Compliance 

2.1 Our Role in the Shopify Ecosystem 

When you use our application through the Shopify App Store, we operate in different capacities depending on the type of data:

As Data Controller: For your merchant account information, app settings, and business data you provide directly to us. 

As Data Processor: For your customers’ personal data that we access through Shopify’s APIs to provide our services. 

2.2 Mandatory Compliance Webhooks 

In accordance with Shopify’s requirements, we implement mandatory compliance webhooks to handle data subject requests: 

  • customers/data_request: We respond to customer data access requests within 48 hours
  • customers/redact: We delete customer data within 30 days of receiving deletion
  • requests shop/redact: We delete all shop data within 48 hours after app uninstallation 

2.3 Shopify API Data Processing 

Through Shopify’s APIs, we may process: 

  • Order information necessary for app functionality 
  • Customer contact details for service delivery 
  • Store configuration data for app setup 
  • Product information for service features 
  • Transaction data for analytics and reporting 

We only request the minimum API permissions necessary for our app’s functionality and comply with Shopify’s data access limitations. 

  1. Notice to End Users 

3.1 Some of our Services are intended for use by legal entities. Where the Services are made available to you through a legal entity (e.g., your employer), that legal entity is the administrator of the Services and is responsible for the accounts in the Services. 

3.1.1 In this case, please direct your data privacy questions to your administrator, as your use of the Services is subject to your legal entity’s policies. We are not responsible for the privacy or security practices of an administrator’s legal entity, which may be different from this Policy. The administrator will also be able to terminate your access to the Services. 

3.2 Rights for Shopify Store Customers 

If you are a customer of a store using our app: 

Contact the store owner directly for data requests regarding your purchase information The store owner controls your customer data; we process it on their behalf

We will assist store owners in fulfilling your data requests as required by law 3.3 Rights for Shopify Merchants 

As a merchant using our app, you can: 

  • Request access to your merchant account data 
  • Update your app settings and configurations 
  • Request deletion of your data by uninstalling our app 
  • Opt out of non-essential data processing 
  1. Personal Data You Provide to Us 

4.1 We collect personal data about you when you provide it to us, when you use our Services, or otherwise provide it directly to us. 

4.2 When you register for an account, create or modify your profile through our Services, we collect your name, last name, work e-mail, and activity in Services. If you provide content through our Service, we collect such personal data included in the content. 

4.3 We collect such personal data to provide you with the Services, including to operate the Services, provide customer support and personalized features, and protect the safety and security of the Services. 

4.4 When you browse the portions of our Website that do not require you to register or provide personal information, you do so anonymously. We don’t automatically collect personal information, including your email address. We do log your IP address to give us an idea of which part of our Website you visit and how long you spend there, but we do not link your IP address to any personal information unless you have logged in to our Website. 

4.5 Shopify-Specific Data Categories 

When you install our app through Shopify, we may also collect: 

  • Shopify Store Data: Store domain, configuration settings, installed themes and apps 
  • API Access Logs: Timestamps and scope of API requests for security monitoring 
  • App Usage Analytics: Feature usage, performance metrics, and error logs 
  • Integration Settings: Custom configurations and preferences you set within our app 
  • Support Interactions: Communications related to app setup, troubleshooting, and feature requests 
  • Webhook Data: Real-time notifications from Shopify about store events relevant to our service 

 

  1. Personal Data We Collect Automatically

5.1 We automatically collect personal data about you when you use our Services, including browsing our website and taking certain actions within the Services. 

5.2 We automatically collect such personal data about the device you use to access the Services, including your connection type and settings. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services. 

5.3 When you visit our website, we collect and process information about your usage with the purpose of compiling statistics and targeted advertising (cookies). The legal basis for the personal data processing that occurs through cookies is based on your consent. This means that you have a choice to allow or deny the cookies, except for strictly necessary cookies. We use the following cookies: 

5.3.1 Strictly necessary – These cookies are strictly necessary to enable you to move around the website and use its features. The website cannot function without these cookies. 

5.3.2 Functional – These cookies enable the website to save details that you have provided to offer a better experience, such as remembering choices you make like your language or the region you are in. Some parts of the website may not function properly without these cookies. These cookies may be automatically enabled and can be managed to your preferences through your browser settings. 

5.3.3 Statistical – These cookies are used to analyze the performance and design of the website and to detect errors. These cookies also enable us to recognize that you have visited the website before. The purpose of these cookies is solely to improve the performance of the website and your experience. 

5.4 Cookies and Tracking Technology – A cookie is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the site uses to track the pages you’ve visited, but the only personal information a cookie can contain is information you supply yourself. A cookie can’t read data off your hard disk or read cookie files created by other sites. Some parts of our Website use cookies to track user traffic patterns. We do this to determine the usefulness of our Website information to our users and to see how effective our navigational structure is in helping users reach that information. If you prefer not to receive cookies while browsing our Website, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser, although you may not be able to take full advantage of our Website if you do so. In particular, you may be required to accept cookies to complete certain actions on our Website. You do not need to have cookies turned on to use/navigate through many parts of our Website. 

  1. How We Use Information Collected

6.1 We use information for several general purposes, including, without limitation, to fulfill your requests for certain products and services, to personalize your experience on our Website, to keep you up to date on the latest product announcements, software updates, special offers or other information we think you’d like to hear about either from us or from our business partners, and to better understand your needs and provide you with better services. We may also use your information to send you, or to have our business partners send you, direct marketing information or contact you for market research. 

6.2 Shopify App Functionality 

We use information collected through Shopify to: 

  • Provide Core App Features: Process data necessary for our app’s primary functions
  • Maintain Service Reliability: Monitor app performance and prevent service disruptions
  • Ensure Security: Detect and prevent unauthorized access or fraudulent activity 
  • Comply with Shopify Requirements: Meet mandatory compliance webhook obligations
  • Provide Technical Support: Troubleshoot issues and assist with app configuration 
  • Improve Our Services: Analyze usage patterns to enhance app functionality (aggregated data only) 

6.3 Scope – This policy applies to all personal data processed by all employees, contractors, and partners doing business on behalf of Backoffice AI, LLC, as well as all legal entities and subsidiaries of Backoffice AI, LLC. This policy excludes joint ventures where there is less than a 50% share by Backoffice AI, LLC. 

  1. Sharing of Your Personal Data 

7.1 We do not sell, trade, or otherwise share your personal data with outside parties. This does not include trusted third parties (data processors) who assist us in operating our Services, including our website, as long as those parties agree to keep your personal data confidential. We only use data processors that can provide your personal data with an adequate level of data protection. 

7.2 Information Sharing and Disclosure – Your personal information is never shared outside Backoffice AI, LLC without your permission, except under conditions explained below. Inside Backoffice AI, data is stored in controlled servers with limited access. Backoffice AI may send your personal information to other companies or people under any of the following circumstances: when we have your consent to share the information; we need to share your information to provide the product or service you have requested; or we want to keep you up to date on the latest product announcements, software updates, special offers or other information we think you’d like to hear about either from us or from our business partners (unless you have opted out of these types of communications). We will also disclose your personal information if required to do so by law or in urgent circumstances to protect personal safety, the public, or our Website. 

  1. Security

8.1 We have established and will maintain adequate organizational and technical measures to ensure your personal data is not accidentally or illegally deleted, deteriorated or lost, disclosed to unauthorized third parties, or in any other way misused or used contrary to the data protection legislation. 

8.2 Shopify-Specific Security Measures 

  • OAuth Authentication: Secure token-based authentication with Shopify 
  • HTTPS/TLS Encryption: All API communications use TLS 1.2 or higher 
  • Webhook Verification: HMAC signature verification for all incoming webhooks 
  • Access Token Security: Automatic rotation and secure storage of API credentials 
  • Scope Limitation: Request only necessary API permissions for app functionality 

8.3 In certain areas of our Website, Backoffice AI uses industry-standard SSL encryption to enhance the security of data transmissions. While we strive to protect your personal information, we cannot ensure the security of the information you transmit to us, and so we urge you to take every precaution to protect your personal data when you are on the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. 

8.4 In the event of a security breach where we estimate that there is a high risk that your personal data may be compromised, we will notify you and the relevant data protection authorities within 72 hours of becoming aware of the breach, as required by applicable law. 

  1. Data Retention 

9.1 We will retain your personal data only for as long as necessary to fulfill the purposes for which we have collected it. To determine the appropriate retention period, we consider the amount, nature and sensitivity of your personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. 

9.2 Shopify App Data Retention 

Merchant Data: Retained while you maintain an active subscription and for 90 days after cancellation for account recovery purposes. 

Customer Data (via Shopify APIs)

  • Processed in real-time for service delivery 
  • Not stored longer than necessary for specific functions 
  • Automatically deleted within 30 days of receiving deletion requests via Shopify webhooks API Logs: Retained for 90 days for security and troubleshooting purposes. 

App Uninstallation: All data is deleted within 48 hours of receiving Shopify’s shop/redact webhook.

9.3 We will also retain and use your personal information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our policies. If you stop using our services or if you delete your account with us, we will delete your information or store your information in an aggregated and anonymized format. 

  1. Personal Data About Minors and Children 

10.1 We do not knowingly collect data from or about children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at support@backoffice-ai.com. 

  1. Applicable Law 

11.1 This privacy policy is governed and will be interpreted in accordance with the laws of the United States of America. 

11.2 If you use our services and reside outside the United States of America, your information will be transferred to the United States of America and will be processed and stored there under United States of America privacy standards. By using our services and providing information to us, you consent to such transfer to the United States of America and processing there. 

  1. What Personal Data We Use 

12.1 Backoffice AI may use any of the following pieces of personal data in line with the use purposes explained below: 

  • Your name and contact details 
  • Communication details 
  • Authentication data 
  • Online profile data 
  • Online activity/profile usage 
  • Purchasing information 
  • Payment methods and history 
  • Information about the device(s) you use 
  • Information about the service usage 
  • Support information 
  • Cookies 
  • Social media profile plug-in information 
  • Date of birth 
  • Your credit card information
  • Subscription preferences 
  • Location information and GPS data 
  • Any other information you upload or provide us with 
  1. How We Use Personal Data 

13.1 Backoffice AI uses the information collected to provide a safe, efficient, and customized experience. Here are some of the details on how we do that: 

To manage the service: We use the information we collect to provide our services and features to you, to measure and improve those services and features, and to provide you with customer support. We use the information to prevent potentially illegal activities and to enforce our terms and conditions. We also use a variety of technological systems to detect and address anomalous activity and to screen content to prevent abuse, such as spam. These efforts may, on occasion, result in a temporary or permanent suspension or termination of some functions for some users. 

To contact you: We may contact you with service-related announcements from time to time. You may opt out of all communications except for essential updates. 

  1. Who Else May Process Personal Data 

14.1 Backoffice AI may share the information collected with third parties to provide a safe, efficient, and customized experience. Here are some of the details on how we do that: 

To provide services: Backoffice AI may share your personal data with agents, contractors, or partners of Backoffice AI in connection with services that these individuals or entities perform for or with Backoffice AI. These agents, contractors, or partners are restricted from using this data in any way other than to provide services for Backoffice AI, or for the collaboration in which they and Backoffice AI are engaged. For example, some of our products are developed and marketed through joint agreements with other companies. We may, for example, provide your information to agents, contractors, or partners for hosting our databases, data processing, or mailing you information that you requested. 

  1. Changes to this Policy 

15.1 We may occasionally update or modify this privacy policy. To ensure that the importance of this privacy policy is communicated uniformly throughout the enterprise, all members of Backoffice AI’s leadership team will review, update, and ratify this privacy policy at least annually. 

15.2 For material changes to this privacy policy, we will notify you by placing a prominent notice on the homepage of our website or, if legally required, by directly sending you a notification. We encourage you to periodically review this privacy policy to stay informed about how we are helping to protect the personal data we collect. Your continued use of the service constitutes your agreement to this privacy policy and any updates. 

  1. Miscellaneous

16.1 Definitions 

Personal data (or “personal information”) means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly — in particular, by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, or social identity. 

Special Categories of Personal Data pertains to personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sex life. 

Sensitive personal data either indicates “special categories” (see above), or is personal data of which the sensitivity level has been assessed and classified, indicating potential severe impact on an individual when confidentiality of such data is breached. 

Anonymization is the deletion or changing of personal data in such a way that it can no longer be assigned to a certain or ascertainable individual or only with a disproportionately high effort in terms of time, cost, and work. 

Pseudonymization is the replacement of an individual’s name and other identifiable characteristics with a label to prevent identification of the individual by unauthorized parties or to render such identification substantially difficult. Pseudonymization techniques include certain levels of masking, redaction, tokenization, and/or encryption of personal data. 

Consent is any freely given, specific, and transparently well-informed indication of the will of the individual, whereby the individual agrees that his or her personal data may be processed. Particular requirements about consent can arise from the respective national laws. Where possible, consent is obtained in an explicit manner (unambiguously). 

Shopify Merchant means a business that uses Shopify’s platform and has installed our application. 

Store Customer means an individual who makes a purchase or interacts with a Shopify store that uses our application. 

Mandatory Compliance Webhooks means the required webhook endpoints (customers/data_request, customers/redact, shop/redact) that we must implement per Shopify’s requirements. 

Data Controller means the entity that determines the purposes and means of processing personal data. 

Data Processor means the entity that processes personal data on behalf of the data controller. 16.2 Shopify App Support 

For questions related to our Shopify app specifically: 

  • App Privacy Inquiries: support@backoffice-ai.com 
  • Technical Support: support@backoffice-ai.com 
  • Merchant Data Requests: support@backoffice-ai.com 

Response Times:

  • Privacy requests: Within 48 hours 
  • Technical support: Within 24 hours during business days 
  • Data deletion requests: Completed within 30 days 

For customers of stores using our app: Please contact the store owner directly for any data-related requests. 

16.3 Complaints and Communication (“Contact Us”) – Backoffice AI’s website and all its gateways are governed by the policies and principles outlined above. If you have questions about our collection, use, or disclosure of your personal information, please email us at support@backoffice-ai.com. If you are an employee, customer, or vendor of Backoffice AI and have any questions or concerns that have not been addressed here, please email us at support@backoffice-ai.com.