Privacy Policy for Aivi

Last updated: June 10, 2026

1. Information We Collect

Aivi collects the following information when you install and use our app:

• Shop Information: Your Shopify shop domain and access token (required for API access).
• Product Data: Product titles, descriptions, and metadata from your Shopify catalog (used for AI readiness scoring). This data is accessed in real-time via the Shopify API and is not permanently stored, except for caching purposes with a maximum retention of 5 minutes.
• AI Crawler Data: We detect and log visits from AI crawlers (user agent, IP address, timestamp) to help you understand AI agent interactions with your store.
• Search Queries: Search queries made by AI crawlers accessing your product catalog, including query text and result counts.
• Order Attribution: Order IDs and GMV attributed to AI-discovered customers.
• Usage Data: Plan selection, feature usage, and app configuration settings.

2. What We Do NOT Collect

• We do not collect, store, or process customer personally identifiable information (PII) such as names, email addresses, phone numbers, or shipping addresses.
• We do not collect payment information. All payment processing is handled by Shopify.
• We do not track individual user behavior on your storefront.

3. How We Use Your Information

• To provide and improve the Aivi service
• To audit AI-readable content (llms.txt) and monitor AI visibility for your store
• To provide analytics about AI agent interactions with your store
• To process subscription payments via Shopify Billing API

4. Data Storage and Security

Your data is stored on secure servers with HTTPS encryption in transit. Database access is restricted to authorized personnel only. Access tokens are stored securely and are never shared with third parties.

5. Data Sharing

We do not sell, rent, or share your data with third parties, except:

• With Shopify as required to operate the app (billing, authentication)
• With AI crawlers that access your public API endpoints (llms.txt audit) — only data you have explicitly enabled in Settings
• As required by law or legal process

6. Data Retention

• Search logs: Retained for 90 days, then automatically deleted
• Crawler visit logs: Retained for 90 days, then automatically deleted
• Order attribution: Retained during active subscription
• Access token: Deleted upon app uninstallation or shop redaction request
• Catalog scans: Retained during active subscription

7. Your Rights (GDPR/CCPA)

You have the right to:

• Access: Request a copy of all data we hold about you
• Deletion: Request deletion of your personal data
• Data Portability: Export your data in a machine-readable format (JSON)
• Object: Object to processing of your data
• Opt Out of Sale: We do not sell your data (CCPA)

You can exercise these rights by uninstalling the app (which triggers automatic data deletion), contacting us at privacy@aivi.com, or using the GDPR webhook endpoints built into the app.

8. Shopify Webhook Compliance

Aivi complies with Shopify's mandatory webhook requirements:

• app/uninstalled: We immediately reset your plan to free, delete all sessions and settings
• shop/redact: We delete all stored data within 48 hours
• customers/data_request: We respond within 24 hours confirming we store no customer PII
• customers/redact: We delete any referenced customer data within 10 days (we store no customer PII)

9. Cookies

Aivi does not use third-party cookies. As an embedded Shopify app, we rely on Shopify session tokens for authentication.

10. Contact

For privacy-related inquiries, contact us at privacy@aivi.com.