Privacy Policy

Last updated: March 2026

1. What Data We Collect

VoxifyAgent collects the following data when you install and use our app:

  • Store information: Your Shopify store domain and access credentials (encrypted at rest using AES-256-GCM)
  • API keys: Your OpenAI or Google Gemini API key, provided voluntarily by you. Keys are encrypted before storage and never stored in plaintext.
  • Voice session transcripts: Text transcriptions of voice conversations between your customers and the AI agent, including messages, tool calls, and session metadata (duration, timestamps).
  • Agent configuration: Your agent name, voice selection, custom instructions, and AI provider preference.

We do not collect or store credit card information, passwords, or customer personal accounts.

2. How We Use Your Data

  • To power the AI voice shopping assistant on your storefront
  • To display conversation analytics in your dashboard
  • To process tool calls (product search, order lookup, cart management) via Shopify APIs
  • To improve the service and fix bugs

We never sell, rent, or share your data with third parties for marketing purposes.

3. Third-Party Services

Voice sessions are processed by the AI provider you select:

  • OpenAI (if selected): Audio is sent to OpenAI's Realtime API using your own API key. See OpenAI Privacy Policy.
  • Google Gemini (if selected): Audio is processed through our server-side proxy using your API key. See Google Privacy Policy.

4. Data Retention

Voice session transcripts are retained for 90 days from the date of the conversation, after which they are automatically deleted. Store configuration data is retained as long as the app is installed.

5. Data Security

  • All API keys and access tokens are encrypted using AES-256-GCM with PBKDF2 key derivation
  • All communication uses HTTPS/TLS encryption
  • Webhook signatures are verified using HMAC-SHA256 with timing-safe comparison
  • OAuth state parameters prevent CSRF attacks
  • Data is stored in a PostgreSQL database accessed over encrypted connections

6. GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) and Shopify's data protection requirements:

  • Right to deletion: When you uninstall the app or request data deletion, all associated data (sessions, configurations, API keys) is permanently deleted.
  • Customer data requests: We process Shopify's customer data request webhooks and export any session data containing the customer's email.
  • Customer data deletion: We delete all session data containing a customer's personal information upon receiving a redaction request.

7. Your Rights

You have the right to:

  • Access your data at any time through the app dashboard
  • Delete your data by uninstalling the app
  • Request a copy of all stored data
  • Withdraw consent by removing your API keys

8. Contact

For privacy-related questions or data requests, contact us at:

privacy@voxifyagent.com

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes through the app dashboard or email.