Privacy Policy

Last updated: March 11, 2026

Bisso AI ApS ("Bisso", "we", "us", or "our") operates the Bisso.ai platform, a SaaS application that provides AI-powered customer support for Shopify merchants. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

1. What data we collect

Account data: When you install Bisso from the Shopify App Store, we collect your store name, store URL, email address, and Shopify access tokens required to operate the service.

Shopify store data: To power the AI agent, we access order data, product information, customer records, inventory levels, and fulfillment details through the Shopify API. We only access what is necessary for the features you enable.

Customer interaction data: Messages sent through the chat widget or email channel, including customer names, email addresses, and the content of their inquiries.

Usage data: We collect anonymized analytics on how you interact with the Bisso dashboard, including page views, feature usage, and performance metrics.

Cookies: We use essential cookies for session management and optional analytics cookies. See our cookie consent banner for details.

2. How we use your data

We use the data we collect to:

  • Provide and operate the Bisso AI customer support agent for your store
  • Process customer inquiries, including looking up orders, processing refunds, and checking tracking information
  • Generate AI-powered responses and draft messages for your review
  • Improve the quality and accuracy of AI responses over time
  • Send you service-related notifications and billing information
  • Monitor and improve the security and performance of our platform

We do not sell, rent, or share your data with advertisers or unrelated third parties.

3. Data storage and security

Your data is stored securely using industry-standard practices:

  • Infrastructure: All data is hosted on Supabase, which runs on Amazon Web Services (AWS) infrastructure in the EU region.
  • Encryption at rest: All sensitive data, including Shopify access tokens and API keys, is encrypted using AES-256 encryption before being stored in our database.
  • Encryption in transit: All data transmitted between your browser, our servers, and third-party services is encrypted using TLS 1.2 or higher.
  • Access control: We employ row-level security (RLS) policies in our database to ensure strict data isolation between stores. Each merchant can only access their own data.
  • Backups: Automated daily backups are maintained with point-in-time recovery capabilities.

4. Third-party services

We share data with the following third-party services, strictly as required to provide our service:

  • Anthropic (Claude API): Customer messages and relevant order context are sent to Anthropic's Claude API to generate AI responses. Anthropic processes this data according to their privacy policy. Anthropic does not use your data to train their models when accessed via the API.
  • Shopify API: We interact with the Shopify API to read and write store data (orders, products, refunds, etc.) as authorized by you during the OAuth installation process.
  • Supabase / AWS: Our database provider, hosting all application data within EU-based data centers.

We do not share data with any other third parties without your explicit consent.

5. Data retention

We retain your data for as long as your account is active and you use our services. Specifically:

  • Active accounts: All data is retained while your Bisso subscription is active.
  • After uninstall: When you uninstall the Bisso app from your Shopify store, we retain your data for 30 days in case you choose to reinstall. After 30 days, all store data, tickets, and conversation history are permanently deleted.
  • Billing records: We retain billing records for up to 5 years as required by applicable tax and accounting laws.
  • Anonymized analytics: Aggregated, anonymized data may be retained indefinitely for service improvement purposes.

6. Your rights under GDPR

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: You can request a copy of all personal data we hold about you.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: You can request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: You can request that we limit how we use your data.
  • Right to data portability: You can request your data in a structured, machine-readable format.
  • Right to object: You can object to the processing of your data for certain purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@bisso.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Denmark, this is the Danish Data Protection Agency (Datatilsynet).

7. Contact information

For any questions or concerns about this Privacy Policy or your data, please contact us:

Bisso AI ApS

Email: privacy@bisso.ai

Copenhagen, Denmark

8. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through a notice in the Bisso dashboard. Your continued use of the service after any changes constitutes acceptance of the updated policy.