Legal

Privacy Policy

Last updated: May 31, 2026

This Privacy Policy explains how SlayCommerce ("SlayCommerce", "we", "us", or "our") collects, uses, shares, and protects information in connection with the SlayCommerce application and related services (the "Service"), including our application distributed through the Shopify App Store. It is designed to meet the requirements of the Shopify Partner Program and applicable data-protection laws, including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

In this policy, a "Merchant" is a business that installs and uses the Service. A "Customer" is an individual who shops with a Merchant's store. Depending on the context, SlayCommerce acts as a data controller for Merchant account data and as a data processor for store and Customer data that we process on a Merchant's behalf.

1. Information We Collect

From Merchants

  • Account & contact data: name, business name, email address, and authentication identifiers used to create and secure your account.
  • Billing data: subscription tier and billing status. Payments are processed by the platform's billing system (e.g., Shopify Billing) or our payment processor; we do not store full card numbers.
  • Connection credentials: access tokens and webhook secrets for the platforms you connect, stored in encrypted or restricted form and used only to operate the integration.

From your connected store (processed on your behalf)

  • Store data: products, inventory, pricing, orders, draft orders, and analytics.
  • Customer data: Customer names, email addresses, phone numbers, shipping/billing details, and order history, to the extent required to provide insights, ordering, and communication features.

Automatically

  • Usage & device data: log data, IP address, browser type, and feature interactions, used for security, debugging, and improving the Service.
  • Cookies & similar technologies: see our Cookie Policy.

2. How We Use Information

  • to provide, operate, secure, and support the Service;
  • to generate analytics, insights, forecasts, and AI-assisted drafts (such as order suggestions, pricing recommendations, and customer communications) that you request or enable;
  • to process billing, prevent fraud and abuse, and enforce our Terms of Service;
  • to communicate with you about service updates, security notices, and support;
  • to comply with legal obligations.

We do not sell personal information, and we do not use Customer personal data to train general-purpose AI models for unrelated purposes.

3. AI & Automated Processing

Some features send limited, relevant data to trusted AI model providers to generate text, recommendations, or analysis. These providers act as our sub-processors and are contractually restricted from using the data except to provide their service to us. AI output is advisory and is presented for your review.

No automated decisions with legal or significant effects. The Service produces insights, scores, and drafts (such as customer profitability rankings, recommendations, suggested orders, pricing recommendations, and draft communications) to assist the Merchant. These outputs are decision-support tools directed at the Merchant's own business operations, not automated decisions that determine a Customer's treatment. By default, actions that affect a Customer — such as creating an order, changing a price, or sending a message — are presented to the Merchant for confirmation before they take effect; suggested orders, in particular, are held in a pending state until a person confirms them. A Merchant may choose to enable automation for certain routine actions, in which case those actions run on the Merchant's configured instructions and under the Merchant's responsibility, as described in our Terms of Service. In all cases, we do not use these outputs to make decisions that produce legal or similarly significant effects on a Customer (such as credit, eligibility, or denial of goods or pricing) without the availability of human review. A Customer who wishes to obtain human review of, or to object to, any automated processing should contact the Merchant whose store they interacted with; we will assist the Merchant in responding.

4. How We Share Information

We share information only as needed and as described here:

  • Sub-processors & service providers who help us run the Service (for example, cloud hosting, database, AI model providers, and email delivery), under contracts requiring appropriate safeguards;
  • Platforms you connect (such as Shopify), to read and write the data you authorize;
  • Tools the Merchant connects (for example, HubSpot, monday.com, accounting, and email providers): when a Merchant enables an integration, we transmit the relevant data to that destination on the Merchant's instruction and behalf so it appears in the Merchant's own account on that tool. This is a processor-to-processor transfer directed by the Merchant; it is not a sale of personal information and we receive no consideration for it;
  • Legal & safety disclosures when required by law or to protect rights, property, or safety;
  • Business transfers in connection with a merger, acquisition, or sale of assets, subject to this policy.

We do not sell or "share" personal information as those terms are defined under the CCPA/CPRA and similar laws, and we do not disclose personal information for cross-context behavioral advertising. We have not done so in the preceding twelve months. Because we do not sell or share personal information, there is nothing to opt out of in that respect; however, if you believe we have, or to submit a "Do Not Sell or Share My Personal Information" request, contact us at support@slaycommerce.com.

5. Data Retention & Deletion

We retain data for as long as needed to provide the Service and for legitimate business or legal purposes. When you uninstall the app or close your account, we delete or de-identify Merchant and store data within a commercially reasonable period, except where retention is legally required.

Shopify mandatory data requests. In accordance with Shopify's requirements, we honor the mandatory compliance webhooks:

  • customers/data_request — we provide the stored data we hold about a Customer upon a Merchant's request;
  • customers/redact — we erase the personal data we hold about a specific Customer;
  • shop/redact — we erase the Merchant's shop data after the app is uninstalled.

6. Your Rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing. Customers should direct such requests to the Merchant whose store they interacted with; we will assist Merchants in fulfilling those requests. To exercise rights regarding Merchant account data, contact us using the details below.

7. International Transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers of personal data.

8. Security

We use technical and organizational measures designed to protect information, including encryption in transit, access controls, and signed/verified webhooks. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, for material changes, provide additional notice where appropriate.

11. Contact Us

For privacy questions or to exercise your rights, contact our privacy team at support@slaycommerce.com.