Privacy Policy

This Privacy Policy explains how Storos, operated by Eren Emre Kanal ("Storos," "we," "us," or "our"), collects, uses, shares, and protects information when you use our Shopify app, iOS app, app.storos.ai, marketing website, newsletters, and related services (collectively, the "Services").

This Privacy Policy applies to all Storos Services unless a separate privacy policy is posted for a specific service.

1. Scope

This Privacy Policy covers information collected through:

• our marketing website and other public pages;
• merchant and business user accounts;
• the Storos Shopify app;
• the Storos iOS app and app.storos.ai;
• newsletter signup forms and email communications; and
• support, sales, and other communications with us.

Our Services are intended for business use only and are not directed to children.

2. Information We Collect

We collect information in a few different ways.

A. Information you provide directly

Depending on how you use the Services, we may collect:

• name;
• email address;
• phone number;
• company or store name;
• account credentials and authentication information;
• communications with us, including support requests and feedback;
• newsletter signup details and communication preferences; and
• messages, prompts, and other content you submit when interacting with our AI features.

B. Information we collect from Shopify and connected commerce systems

If you connect your Shopify store or otherwise authorize access, we may collect and process store and commerce data made available to us, including information covered by Shopify scopes you authorize, such as:

• orders and order history;
• products, variants, collections, and catalog information;
• inventory levels, inventory movements, inventory transfers, and inventory shipment data;
• store locations;
• customers and customer profiles;
• fulfillments and fulfillment orders;
• discounts, returns, and order edits;
• analytics, reports, and business performance data;
• shipping information;
• gift card information;
• channel information;
• B2B/company information; and
• other data made available through authorized Shopify permissions.

This information may include personal information relating to your employees, customers, or other individuals associated with your business.

C. Automatically collected information

When you use the Services, we may automatically collect:

• device information;
• browser type and operating system;
• IP address;
• app usage data;
• pages viewed and actions taken;
• session information;
• referral URLs;
• approximate location derived from IP address; and
• cookie and similar technology data.

D. Information from service providers and other third parties

We may receive information from service providers and partners such as authentication providers, analytics vendors, communications vendors, cloud hosting providers, and future newsletter or payments providers.

3. How We Use Information

We use information to:

• provide, operate, maintain, and improve the Services;
• authenticate users and secure accounts;
• install, configure, and support our Shopify app and other integrations;
• analyze store data and generate insights, summaries, alerts, recommendations, and other outputs;
• provide AI-powered features and responses;
• send transactional, operational, onboarding, product, and support communications;
• send newsletters, marketing messages, and promotional communications, subject to applicable law and your preferences;
• monitor usage, debug issues, detect abuse, and protect the Services;
• conduct analytics, research, benchmarking, testing, and product development;
• comply with legal obligations and enforce our agreements; and
• respond to requests, questions, and support issues.

4. AI Processing

Storos uses third-party AI providers, including OpenAI and potentially other providers in the future, such as Anthropic/Claude, to help generate outputs, analysis, summaries, alerts, recommendations, and other responses.

When you use AI-related features, we may send relevant inputs to those providers, which may include merchant data, store data, customer-related data, operational data, and user messages, to generate responses for the Services.

We do not intend for your data submitted through these providers via our Services to be used to train their general models, based on our current provider settings and contracts. However, AI systems can produce inaccurate, incomplete, or unsuitable outputs, and you are responsible for reviewing outputs before relying on them.

5. Cookies and Similar Technologies

We use cookies and similar technologies for purposes such as:

• authentication and session management;
• analytics and performance measurement;
• security and fraud prevention;
• remembering preferences; and
• marketing, advertising, and retargeting activities, if and when enabled.

We currently use analytics tools including PostHog. We may also use additional advertising or retargeting tools in the future. Depending on your location, you may have rights to control certain cookie uses.

6. Communications

We may send you:

• account and login emails;
• alerts, digests, onboarding, and product-related messages;
• customer support messages;
• newsletters and marketing communications; and
• administrative and legal notices.

We currently use Postmark for certain email communications and may use a separate third-party email marketing provider for newsletters and marketing campaigns.

You can unsubscribe from marketing emails using the unsubscribe link in those messages. You may still receive transactional or service-related messages.

7. How We Share Information

We may share information:

• with vendors and service providers that help us operate the Services;
• with cloud hosting, infrastructure, database, analytics, email, customer support, security, and AI providers;
• with Shopify and other platforms when required to operate integrations;
• with professional advisors, auditors, insurers, and legal counsel;
• in connection with a merger, acquisition, financing, reorganization, asset sale, or similar transaction;
• to comply with law, legal process, or government requests;
• to protect our rights, users, business, systems, and Services; and
• with your direction or consent.

We may also use and disclose aggregated, anonymized, or de-identified information for analytics, benchmarking, product improvement, research, service development, and similar lawful purposes.

8. Merchant Data / Controller-Processor Relationship

If you connect a store or otherwise provide business data to Storos, you represent that you have the rights and permissions needed to provide that data and to authorize Storos to process it.

As between you and Storos, you are generally responsible for your relationship with your customers, employees, and other individuals whose information may be included in merchant data. In many cases, Storos acts as a service provider, processor, or similar role on your behalf with respect to merchant data you provide, while you remain responsible for the underlying business relationship and notices or consents required by law.

9. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with law, resolve disputes, and enforce our agreements.

In general:

• account information is retained while your account is active and for a reasonable period afterward;
• newsletter information is retained until you unsubscribe or we otherwise no longer need it;
• logs, backups, and security records may be retained for limited periods;
• merchant data may be retained as needed to operate the Services and comply with platform requirements; and
• when an account is canceled, we may disable the account, stop syncing store data, and place the account into a pending deletion state for approximately 30 days. If the deletion request is not reversed during that period, we will delete or de-identify applicable data, subject to legal, security, backup, platform, and recordkeeping requirements.

10. Data Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. However, no system is completely secure, and we cannot guarantee absolute security.

11. International Data Transfers

Our infrastructure and service providers may process and store information in the United States and other countries. By using the Services, you understand that your information may be transferred to and processed in countries that may have different data protection laws than your jurisdiction.

12. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information, such as the right to:

• request access to certain personal information;
• request correction of inaccurate information;
• request deletion of certain information;
• request portability of certain information;
• object to or restrict certain processing; and
• opt out of certain marketing communications.

You may also have rights under Shopify platform rules or applicable privacy laws.

To make a privacy request, contact us at privacy@storos.ai.

We may need to verify your identity before responding and may limit or deny requests where permitted by law.

13. Do Not Track / Similar Signals

Our Services may not respond to browser-based "Do Not Track" signals in all contexts.

14. Third-Party Services

The Services may link to or integrate with third-party services, including Shopify and other providers. We are not responsible for the privacy practices of those third parties.

15. Children

The Services are not intended for children, and we do not knowingly collect personal information from children.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised effective date. If changes are material, we may provide additional notice.

17. Contact Us

For privacy questions or requests, contact:

• Email: privacy@storos.ai
• General Contact: contact@storos.ai