Privacy Policy
Last updated: July 3, 2026
AgentEdge (“the App”, “we”, “us”) is a Shopify application operated by Code Kaarigari that helps merchants detect, engage, and convert shoppers referred by AI assistants. This policy explains what data the App processes, why, and the choices you have. By installing the App you agree to this policy.
Data we collect from your store
- Store information: your myshopify.com domain, an encrypted API access token, plan/billing status, and app configuration you create (AI sources, offers, fraud rules).
- AI-referral analytics: for visits referred by AI assistants we record the referring assistant, landing page URL, timestamps, whether the session converted, and the order total for attribution. We do not store customer names, emails, or addresses in these analytics.
- Order attribution: from Shopify order webhooks we process the order ID, total amount, and discount codes used — solely to attribute revenue to AI referrals and offer redemptions.
- Security events: for bot and fraud protection we log event metadata such as IP address and coarse geolocation of suspected automated or abusive requests. This is used only to protect your store.
- Optional AI provider keys: if you connect your own AI provider key for the concierge, it is encrypted with AES-256-GCM before storage and used only to answer your shoppers' product questions.
What we deliberately do not collect
- AI conversations. The conversation a shopper had with ChatGPT, Perplexity, or any other assistant is not retrievable by merchants or by us — and we do not attempt to reconstruct it. Detection relies on referrer and UTM signals only.
- Customer payment details (handled entirely by Shopify).
- Customer accounts, browsing history, or cross-site tracking profiles.
How we protect data
- All access tokens and API keys are encrypted with AES-256-GCM at rest.
- All traffic is served over TLS (HTTPS).
- Webhooks and storefront calls are verified with Shopify's HMAC signatures before any processing.
- Data is hosted with Cloudflare (application) and Neon (database), both with encryption at rest.
GDPR & data requests
We subscribe to Shopify's mandatory compliance webhooks and honor them automatically:
- customers/data_request — we compile any data we hold relating to the customer (typically none beyond anonymous session analytics).
- customers/redact — we delete data relating to the customer.
- shop/redact — after uninstall, we delete the store's data, including encrypted tokens, configuration, and analytics.
Data retention
Analytics are retained per your plan's window (7 days on Free, 90 days on Growth). Access tokens are invalidated on uninstall, and remaining store data is deleted when Shopify sends the shop redaction webhook (48 hours after uninstall) or on request.
Third parties
We share data only with the processors needed to run the App: Shopify (platform & billing), Cloudflare (hosting), Neon (database), and — only if you connect one — your chosen AI provider (to answer shopper questions). We never sell data.
Changes & contact
We may update this policy as the App evolves; material changes will be noted in the app. Questions or requests: support@codekaarigari.com.