Privacy Policy

Last updated: May 5, 2026

1. Who We Are

OrderWise AI (“we”, “our”, “us”) is a Shopify application that provides AI-powered customer support chatbots for e-commerce stores. Operated by Senni Can Turhan. Contact: privacy@orderwise.dev

2. Data We Collect

  • Order data — Order ID, status, tracking info, shipping dates, amounts, line items. Received from the Shopify store via webhooks.
  • Customer data — Name, email, phone, address. Only when provided by the customer in chat or matched via order lookup.
  • Conversation history — Customer messages and AI responses. Stored for 30 days, then automatically deleted.
  • Store configuration — Shop domain, plan, brand color, language. Stored while the app is installed.

3. How We Use Your Data

  • Match support inquiries with the correct order
  • Generate personalized AI responses about order status, tracking, and FAQs
  • Manage plan limits and billing
  • Improve our service quality

We do not sell or share data with third parties for advertising purposes.

4. Legal Basis (GDPR)

  • Contract performance (Art. 6(1)(b) GDPR) — Processing customer support requests
  • Legitimate interest (Art. 6(1)(f) GDPR) — Internal service improvements and fraud prevention

5. Sub-Processors

  • Anthropic (Claude API) — AI response generation. Data processed in the US (DPA + Standard Contractual Clauses).
  • Supabase — Database storage (EU region: Stockholm).
  • Vercel — Application hosting.

6. Data Retention

  • Conversation data: 30 days
  • Store configuration: until app uninstall
  • Order cache: until uninstall or GDPR request; deleted within 48 hours of uninstall via shop/redact webhook

7. Your Rights

Under GDPR, you have the right to:

  • Access your data (Art. 15)
  • Rectification (Art. 16)
  • Erasure / “right to be forgotten” (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)

Send requests to privacy@orderwise.dev. We respond within 30 days.

8. Shopify Mandatory Webhooks

We comply with Shopify's mandatory privacy webhooks:customers/data_request,customers/redact, andshop/redact. All customer data is deleted within 48 hours of receiving these webhooks.

9. Changes to This Policy

We may update this policy. Material changes will be communicated via email to the store owner at least 30 days before taking effect.

10. Contact

Data Protection Inquiries: privacy@orderwise.dev