Privacy Policy

Last updated: April 16, 2026

Respondro ("we", "our", "us") operates the Respondro application for Shopify merchants. This Privacy Policy explains how we collect, use, and protect information when you use our service.

1. Information We Collect

When you install and use Respondro, we collect the following information:

• Shopify store data: Store name, domain, currency, timezone, and store policies. We access order data, customer data, product data, and fulfillment data through the Shopify API to provide customer service automation.
• Customer email content: Emails forwarded to Respondro from your customer service inbox are stored in our database to enable AI-powered classification, drafting, and response management.
• Email connection credentials: IMAP/SMTP credentials you provide to connect your email account. Passwords are encrypted at rest using AES-256-GCM encryption.
• Account information: Your email address and store name used for authentication.

2. How We Use Your Information

We use your information exclusively to provide the Respondro service:

• Classifying incoming customer emails by category and priority
• Generating AI-drafted responses using Anthropic's Claude API
• Looking up Shopify order data to provide accurate, specific replies
• Executing approved actions (refunds, cancellations, address changes) via the Shopify API
• Displaying customer service metrics and analytics in your dashboard

3. AI Processing

Customer emails are processed by Anthropic's Claude AI to classify intent and generate draft responses. Important details:

• Your email data is never used to train AI models. Anthropic's API does not use customer data for model training.
• AI processing happens in real-time and results are stored in our database for your review.
• You maintain full control over whether AI-generated responses are sent automatically or require manual approval.

4. Data Storage and Security

• Database: All data is stored in Supabase (hosted on AWS infrastructure in the EU region).
• Encryption: Email passwords are encrypted at rest using AES-256-GCM. All data in transit is encrypted via TLS.
• Access control: Row Level Security (RLS) ensures each merchant can only access their own data. Server-side operations use a separate admin client with elevated permissions.
• Isolation: Each store's data is completely isolated from other stores through database-level security policies.

5. Data Sharing

We do not sell, rent, or share your data with third parties except:

• Anthropic (Claude AI): Email content is sent to Anthropic's API for classification and response generation. Anthropic does not retain or train on this data.
• Shopify: We interact with Shopify's API using the access token you grant during installation. We only access the data scopes you explicitly approve.
• Law enforcement: We may disclose data if required by law or to protect the rights and safety of our users.

6. Data Retention

• Your data is retained for as long as the Respondro app is installed on your Shopify store.
• When you uninstall the app, we retain your data for 48 hours (in case of accidental uninstall), then permanently delete it.
• Upon receiving a Shopify shop/redact webhook, all store data is permanently deleted.
• Customer-specific data is deleted upon receiving a Shopify customers/redact webhook.

7. GDPR Compliance

Respondro complies with the General Data Protection Regulation (GDPR):

• Data access: You can request an export of all data we hold about your store or your customers at any time by contacting support@respondro.ai.
• Data deletion: You can request deletion of your data at any time. Uninstalling the app triggers automatic deletion within 48 hours.
• Data portability: We can provide your data in a machine-readable format upon request.
• Data Processing Agreement (DPA): Available upon request for enterprise customers.

8. Shopify Customer Data

We access customer data from your Shopify store solely to provide customer service functionality. Specifically:

• Customer names and emails are used to match incoming support emails with Shopify orders.
• Order data (order numbers, tracking info, fulfillment status, financial status) is used to generate accurate AI responses.
• We do not access or store customer payment information — all payment processing is handled by Shopify.

9. Cookies

We use minimal cookies for authentication and security:

• Authentication cookies: To maintain your logged-in session.
• CSRF protection cookies: To prevent cross-site request forgery during the Shopify OAuth flow.

We do not use advertising cookies, tracking pixels, or analytics cookies.

10. Children's Privacy

Respondro is a business-to-business service and is not intended for use by individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the app dashboard. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@respondro.ai
Company: Respondro
Location: Copenhagen, Denmark