EmilyAI, developed by Softio, adheres to the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA). This page details our data practices and your rights under GDPR.
1. Data Controller
Softio is the data controller for data processed by EmilyAI. Contact us at support@softio.online.
2. Lawful Basis for Processing
We process data under the following GDPR bases:
- Contractual Necessity (Art. 6(1)(b)): To fulfill our agreement with Shopify merchants by syncing products and purchases for personalization.
- Legitimate Interest (Art. 6(1)(f)): To maintain and improve the App’s functionality, provided this does not override your rights.
- Legal Obligation (Art. 6(1)(c)): To comply with Shopify’s API terms and applicable laws.
3. Data We Process
We process minimal data, including:
- Customer IDs: Shopify-provided identifiers to link purchases to users.
- Product Data: Product IDs, titles, descriptions, prices, inventory, images, tags, vendors, and creation dates.
- Purchase Data: Order details (e.g., product IDs, quantities, prices) tied to customer IDs.
- Technical Logs: Timestamps and error logs for troubleshooting.
We do not collect sensitive personal data (e.g., names, emails, addresses) beyond customer IDs.
4. Purpose of Processing
Data is processed to:
- Sync and store product and purchase data for personalized recommendations.
- Support subscription plans (Free, Standard, Pro).
- Ensure technical stability and compliance with Shopify.
5. Data Retention
Data is retained as long as your store uses EmilyAI. Upon uninstallation or customer request:
- Product and purchase data is deleted within 30 days via Shopify webhooks.
- Trial end dates are retained indefinitely in a separate table for reinstallation purposes.
6. Your GDPR Rights
As an EEA resident, you have the following rights:
- Right to Access (Art. 15): Request a copy of your data.
- Right to Rectification (Art. 16): Correct inaccurate data.
- Right to Erasure (Art. 17): Request deletion (via Shopify’s redact webhooks).
- Right to Restrict Processing (Art. 18): Limit how we use your data.
- Right to Data Portability (Art. 20): Obtain your data in a machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interest.
- Right to Lodge a Complaint (Art. 77): Contact your local data protection authority.
Exercise these rights by emailing support@softio.online. We respond within one month, extendable by two months for complex requests.
7. Shopify Webhooks
We comply with Shopify’s GDPR webhooks:
- Customers/Data Request: Provide purchase data tied to a customer ID.
- Customers/Redact: Delete purchase data for a customer.
- Shop/Redact: Delete all store data, retaining only the trial end date.
8. Data Transfers
Data is stored via Supabase, which may involve transfers outside the EEA. We rely on Standard Contractual Clauses (SCCs) to ensure GDPR-compliant data protection.
9. Security Measures
We use AES-256-CBC encryption for access tokens, secure Supabase storage, and logging controls to protect data. However, we cannot guarantee protection against all breaches.
10. Contact Us
For GDPR-related inquiries, email support@softio.online.