Privacy Policy
Last updated: May 6, 2026
iBuzz AI Chatbot ("we", "our", or "the App"), operated by Group 4 United Pty Ltd, respects the privacy of its users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our Shopify application.
1. Information We Collect
When you install and use the App, we may collect the following information:
From Merchants (App Users)
- Shopify Store Information: Store domain name, access tokens (encrypted), and OAuth scopes required for app functionality.
- Product Data: Product titles, descriptions, prices, images, inventory, and variant information used to power the AI chatbot's product recommendations.
- Configuration Data: Chatbot settings, display preferences, knowledge base content, and API keys you choose to provide.
- Billing Information: Subscription plan, charge IDs managed through Shopify's billing system.
From Store Customers (End Users)
- Chat Interactions: Messages sent to and received from the chatbot, including session identifiers.
- Guest Information: Name and email address, only when voluntarily provided through the chat widget's guest registration form.
- Customer Identifiers: Shopify customer IDs for logged-in customers interacting with the chatbot.
2. How We Use Your Information
- Provide App Functionality: Power AI chatbot responses, product search and recommendations, and knowledge base answers.
- Product Sync: Synchronize and index product data using vector embeddings for semantic search capabilities.
- Improve Service: Monitor usage patterns and chat analytics to improve chatbot performance.
- Communication: Send transactional emails related to app installation, plan changes, and support.
- Billing: Process subscription charges through Shopify's billing system.
3. Third-Party Services
We use the following third-party services to provide app functionality:
- Google Gemini API: For AI-powered chat responses and vision analysis.
- OpenAI API: For text embeddings (vector search) and supplementary AI responses.
- Qdrant: Vector database for storing product embeddings (self-hosted or managed).
- Resend: For transactional email delivery.
These services process data according to their own privacy policies. We only share the minimum data necessary for functionality.
4. Data Storage and Security
- Shopify access tokens are encrypted using AES-256 before storage.
- All data is stored in a secured PostgreSQL database with SSL encryption in transit.
- API keys provided by merchants are encrypted at rest.
- We use HTTPS for all communications between the app and external services.
- Shop data is isolated per merchant -- no cross-shop data access is possible.
5. Data Retention and Deletion
- When you uninstall the App, your store's access token is immediately revoked and the App can no longer access your store data.
- Within 48 hours of uninstallation, Shopify sends a mandatory
shop/redact webhook, upon which we permanently delete all data we hold for your shop (products, chat history, settings, knowledge base, API keys, subscriber data, and the shop record itself).
- Customer data deletion requests (GDPR) received via Shopify's
customers/redact webhook are processed promptly -- all chat sessions and subscriber records for the requested customer are permanently deleted.
6. Customer Data Requests (GDPR Compliance)
We comply with GDPR and Shopify's mandatory data privacy requirements:
- Data Access Requests: We identify and report all data held for a specific customer upon request.
- Data Deletion Requests: We permanently delete all personal data associated with a specific customer upon request.
- Shop Data Deletion: We permanently delete all shop data 48 hours after app uninstallation.
7. Cookies and Tracking
The chat widget uses browser localStorage and sessionStorage to maintain conversation state across page navigations. This data is stored locally in the customer's browser and is not transmitted to third parties. No tracking cookies are used.
8. Children's Privacy
Our App is not directed at children under 13. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify merchants of any material changes via email or in-app notification.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: