Privacy Policy
Last updated: 10 March 2026
Introduction
Nudge is a Shopify app that provides an AI-powered shopping assistant on merchant storefronts. The assistant helps customers browse products, get recommendations, and add items to their cart through natural conversation.
This privacy policy explains what data we collect, how we process it, and how long we retain it. It applies globally — we maintain a single policy for all users regardless of jurisdiction.
Data we collect
Nudge collects the minimum data necessary to provide the shopping assistant experience. We do not create customer accounts or maintain persistent profiles.
- Session metadata — A temporary session identifier, the store domain, and timestamps. Used to maintain conversation continuity during a single visit.
- Conversation content — Messages exchanged between the customer and the AI assistant during a session. Processed to generate relevant responses.
- Usage metrics — Session counts, token usage, and conversion events (add-to-cart, checkout). Used for billing and analytics provided to the merchant.
- Session browsing activity (optional) — When a customer explicitly opts in, pages viewed during the current session (for example product and collection pages) are used to personalise recommendations in-chat.
How we process data
Data is processed for three purposes:
- AI response generation — Conversation messages may be routed through Vercel AI Gateway and sent to Anthropic, Google, and OpenAI depending on configured model selection. Product data is queried live from Shopify's Storefront API and is not stored by Nudge.
- Session management — Session state is maintained in our database (Convex) to support multi-turn conversations and cart operations.
- Billing — Usage metrics are recorded to calculate merchant billing through Shopify's billing system.
- Personalised recommendations (opt-in) — Browsing activity is only used when the customer explicitly opts in within the widget. Consent is recorded per session and can be withdrawn at any time by disabling the option.
Data retention
- Conversations — All conversation data is automatically deleted after 24 hours. We do not retain chat history beyond the active session.
- Browsing activity (if opted in) — Browsing activity used for personalisation is session-scoped and deleted with the same 24-hour retention window.
- Usage records — Aggregated usage metrics (session counts, token totals) are retained for billing reconciliation in line with Shopify's billing cycle requirements.
Sub-processors
We use the following third-party services to operate Nudge:
| Provider | Data shared | Purpose | Location |
|---|---|---|---|
| Anthropic | Conversation messages and prompts when Anthropic models are configured | AI response generation | See provider policy |
| Conversation messages and prompts when Gemini models are configured | AI response generation | See provider policy | |
| OpenAI | Conversation messages and prompts when OpenAI models are configured | AI response generation | See provider policy |
| Convex | Sessions, metadata, store configuration | Database and real-time backend | United States |
| Vercel | Request metadata and AI request payloads routed through Vercel AI Gateway | Application hosting, edge network, and AI Gateway routing | Global |
| Vercel KV (Upstash) | Hashed IP addresses | Rate limiting | United States |
- Anthropic states API inputs and outputs are not used to train models by default and may be retained for up to 30 days for trust and safety monitoring.
- Google states Gemini API abuse-monitoring logs are not used to train models and may be retained for up to 55 days.
- OpenAI states API data is not used to train models by default and abuse-monitoring logs may be retained for up to 30 days.
Data subject requests
Nudge processes data subject requests (access, deletion, portability) through Shopify's mandatory compliance webhooks. When a customer exercises their rights through the merchant's store, Shopify notifies Nudge and we fulfil the request automatically.
Given our 24-hour data retention policy, most conversation data will have already been deleted by the time a request is processed. Customers should contact the merchant's store directly to exercise their data rights.
Cookies
Nudge uses a single session cookie to maintain conversation continuity during a store visit. This cookie is strictly necessary for the assistant to function and has a 24-hour lifetime. We do not use tracking cookies, analytics cookies, or any third-party cookies. Personalisation preference is stored in session storage in the customer's browser for the current browsing session only.
Security
We implement industry-standard security measures to protect data in transit and at rest:
- All API tokens and credentials are encrypted at rest using AES-256-GCM
- All incoming Shopify webhooks are verified using HMAC-SHA256 signatures
- All communication uses TLS encryption in transit
- Rate limiting protects against abuse
Changes to this policy
We may update this privacy policy from time to time. Material changes will be communicated to merchants via email and through the Shopify admin dashboard. The "last updated" date at the top of this page reflects the most recent revision.
Contact
For privacy-related questions or concerns, contact us at privacy@nudge.dev.