Purrchase AI — Privacy Policy

Last updated: March 9, 2026

This Privacy Policy describes how Purrchase AI ("we," "our," or "the App"), operated by Luminow ("Company"), collects, uses, and shares information when you install and use our Shopify application. We are committed to protecting your privacy and handling your data responsibly.

1. Information We Collect

1.1 Information from Shopify OAuth

When you install Purrchase AI, we receive the following information through Shopify's OAuth process:

Data Type	Purpose
Staff Member Name (first name, last name)	Display in the app interface
Staff Member Email	Account identification and communication
User ID	Session management
Shop Domain	Service delivery and store identification
Access Token	API access to your Shopify store (stored securely)

1.2 Shopify API Scopes (Permissions)

Purrchase AI requests the following permissions from your Shopify store. Each scope is used solely for the stated purpose:

Scope	Purpose
`read_products`	Read product catalog (titles, images, types, tags) for mascot try-on generation
`write_products`	Write product metafields to publish mascot try-on images and videos to product pages
`read_files`, `write_files`	Upload generated mascot images, GIFs, and videos to Shopify's Files CDN for storefront delivery
`read_metaobjects`, `write_metaobjects`	Create and read custom metaobject definitions for mascot configuration data
`read_orders`	Access order data (totals, line items, customer journey) for conversion attribution analytics
`read_customers`	Read customer order count and journey summary for attribution (email is hashed before storage)

1.3 Product Data

For products you select for mascot generation, we access and process:

Product titles, descriptions, types, and tags
Product images (sent to Google Gemini AI API for mascot content generation)
Product metadata (category, brand name, wear location) for prompt generation
Variant information for display purposes

1.4 Anonymous Storefront Interaction Data (Web Pixel)

We collect anonymous storefront visitor interactions using Shopify's Web Pixel API. This pixel runs in Shopify's strict sandbox environment and is gated behind your store's customer privacy consent settings (analytics category). The pixel collects:

Event Type	Data Collected
Product Viewed	Anonymous client ID, product ID, product title, variant ID, price, currency, page URL
Added to Cart	Anonymous client ID, product ID, product title, quantity, price, currency
Checkout Completed	Anonymous client ID, line item product IDs, total price, currency, order ID
Mascot Interaction	Anonymous client ID, product ID, trigger mode (Peek, Reveal, Celebrate, Rescue), product title
Video Engagement	Anonymous client ID, product ID, video asset ID, watch duration, trigger source

Important: All storefront interaction data is keyed by a Shopify-assigned anonymous client ID — NOT by customer email, name, or any personally identifiable information. We cannot directly link interaction records to a specific customer identity.

1.5 Order Attribution Data

When an order is placed, we receive order data via Shopify webhooks to measure mascot conversion impact:

Order ID, name, total, and currency
Line item product IDs and prices
Customer ID and email — email is hashed using SHA-256 before storage; raw email is never retained in our database
Customer order count (new vs. returning customer detection)
Shopify's customerJourneySummary (first/last source, medium, campaign, landing page, days to conversion)

Attribution works by cross-referencing ordered product IDs with anonymous mascot interaction records within a 28-day attribution window.

1.6 Billing & Subscription Data

Subscription plan selection, billing status, and usage limits are tracked in our database. All billing charges are processed through Shopify's billing system — we never handle payment card information directly.

2. How We Use Your Data

Mascot content generation: Product images and metadata are sent to Google's Gemini AI API to generate mascot try-on images, GIFs, and videos. No customer personal information is transmitted to Google.
Storefront display: Generated content is published to product metafields (namespace: purrchase) and delivered to your storefront via Shopify's theme extension system.
Conversion analytics: Anonymous interaction data is correlated with order data to calculate conversion metrics, ROI, and funnel reports shown in your Purrchase AI dashboard.
Trigger optimization: Interaction patterns inform the behavioral trigger algorithm (Purr Trigger) that determines when to display mascot content to shoppers.
Service improvement: Aggregated, anonymized usage patterns help us improve the trigger algorithm and overall app experience.
Billing enforcement: Usage counts (completed mascot generations per month) are tracked to enforce plan limits.

3. Storefront Modifications

Purrchase AI modifies your storefront in the following ways when enabled:

3.1 Theme App Extension

Product block: Injects a mascot try-on image/video overlay on product pages via Shopify's theme app extension system. This reads data from product metafields (namespace: purrchase).
Cart widget: Optional mascot celebration on add-to-cart actions.
Global embed overlay: A lightweight JavaScript engine (purr-trigger.js) loaded on product pages that detects shopper engagement signals and triggers mascot display at optimal moments.

3.2 Product Metafields

Generated mascot content (image URLs, GIF URLs, video URLs) is stored as product metafields under the purrchase namespace. These metafields are read by the theme extension to display content on your storefront. Metafields persist until you unpublish them or uninstall the app.

3.3 Web Pixel Extension

A Shopify Web Pixel (purrchase-pixel) is installed to track anonymous storefront events. The pixel runs in Shopify's strict sandbox and respects your store's customer privacy consent settings. Events are batched (up to 20 events, flushed every 3 seconds) and sent to your app proxy endpoint via HMAC-verified requests.

4. Cookies, Local Storage & Browser Data

4.1 Admin (Embedded App)

Uses Shopify session tokens for authentication. No third-party cookies are set by the admin interface.

4.2 Storefront (Purr Trigger Engine)

Storage Type	Key	Data Stored	Retention	Consent Required
sessionStorage	`purr_session_v4`	Frequency capping (dismissed/celebrated product IDs within current session)	Browser tab close	No (essential)
localStorage	`purr_product_views_v1`	Product view history (up to 50 product IDs with timestamps) for return visitor detection	Persistent (up to 50 entries)	Yes (analytics consent via Shopify Customer Privacy API)

When analytics consent is not granted (e.g., EU/EEA visitors under GDPR), localStorage is not used and the app falls back to sessionStorage only. No third-party cookies are set on the storefront.

5. Third-Party Services

Provider	Data Shared	Purpose
Google Gemini AI API	Product images and metadata only (category, brand name, wear location). No customer PII.	AI-powered mascot try-on image, GIF, and video generation
Shopify APIs	Product data, order data, metafields, files, webhooks, analytics pixel events	Core service delivery, billing, storefront integration

We do NOT sell, rent, or share your data with any parties other than those listed above. No customer personal information is sent to AI providers.

6. Data Retention & Deletion

Data Type	Retention Period
Session data	Until logout or app uninstall
Store configuration & mascot jobs	While app is installed
Anonymous interaction data (MascotInteraction)	90 days — automatically deleted daily via scheduled cleanup
Conversion attribution data (ConversionEvent)	While app is installed (historical analytics)
Product metafields	Until unpublished by merchant or product deleted

On uninstall: All associated data — store configuration, mascot jobs, interaction records, conversion events, and session data — is automatically deleted within 48 hours via our APP_UNINSTALLED webhook handler.

7. GDPR & Privacy Law Compliance

We comply with applicable privacy regulations including the GDPR, CCPA/CPRA, and other data protection laws. We implement all of Shopify's mandatory compliance webhooks:

Webhook	Action Taken
`customers/data_request`	We compile all ConversionEvent records associated with the customer's Shopify ID and make them available to the merchant. Anonymous MascotInteraction records (keyed by anonymous client ID) cannot be directly linked to a specific customer.
`customers/redact`	We anonymize all customer identifiers — customer ID and hashed email are set to null in ConversionEvent records.
`shop/redact`	We delete all data associated with the shop — interactions, conversion events, mascot jobs, shop config, and sessions.

8. Your Rights

Depending on your jurisdiction, you and your customers may have the following rights:

8.1 General Rights (GDPR, CCPA, and equivalent laws)

Right to access: Request a copy of all personal data we hold
Right to correction: Request correction of inaccurate data
Right to deletion: Request erasure of your data
Right to restrict processing: Object to certain data processing activities
Right to portability: Receive your data in a portable format

8.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information held by businesses
Right to opt-out of sale of personal information (we do not sell your data)
Right to non-discrimination for exercising your privacy rights

8.3 How to Exercise Your Rights

Merchants can access their data via the App's Settings, Jobs, and Analytics pages. Customer rights are handled through Shopify's mandatory compliance webhooks described above. You may also contact us directly at the address below.

9. Data We Do NOT Collect

For clarity, we do NOT collect or process:

Customer payment information, credit card details, or billing addresses
Customer passwords or authentication credentials
Raw customer email addresses (only SHA-256 hashes for attribution)
Customer physical addresses or phone numbers
Location data or IP addresses of storefront visitors
Third-party tracking cookies or advertising pixels

10. Data Security

We protect your data using industry-standard practices:

Encryption in transit: All data transmitted via HTTPS/TLS
HMAC verification: All Shopify webhook and app proxy requests are cryptographically verified
Secure authentication: Shopify App Bridge v4 session tokens
Email hashing: Customer emails hashed with SHA-256 before storage (one-way, irreversible)
Database access: Restricted to authenticated application processes only
Input validation: Event structure, field lengths, and allowed event types enforced
Rate limiting: App proxy endpoint rate-limited to prevent abuse
Web Pixel sandbox: Pixel runs in Shopify's strict sandbox environment with no DOM access

11. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will delete that information promptly.

12. International Data Transfers

Your data may be processed in the United States where our servers are hosted. For transfers from the EU/EEA, we rely on standard contractual clauses and other legally recognized transfer mechanisms to ensure adequate data protection.

13. Shopify Data Protection

As a Shopify app, we comply with Shopify's Partner Program requirements and data protection addendum. We process data only as necessary to provide the Service and in accordance with Shopify's guidelines.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the App after changes constitutes acceptance. We will notify merchants of material changes through the App dashboard or email.

15. Contact

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices:

Luminow
Email: support@luminow.ai
Privacy inquiries: privacy@luminow.ai

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.