Privacy Policy

Last updated: March 12, 2026

1. Overview

TalkShop (“we”, “our”, “the app”) is a Shopify app that adds an AI-powered product assistant to your store. This policy explains what data we collect, how we use it, and how we protect it.

2. Data we collect

From merchants

  • Shopify store domain and OAuth access token (to access your product catalog)
  • Product information you choose to index (descriptions, FAQs, voice recordings)
  • Gemini API key, if you provide one (encrypted at rest, never logged)
  • Lead capture email address, if configured
  • Billing plan information via Shopify's billing API

From your customers

  • Questions asked through the TalkShop widget
  • Email address, only if a customer voluntarily submits it via lead capture
  • Anonymous session ID (a random string, no personal data)

3. How we use data

  • To generate AI answers to customer questions using Google Gemini
  • To show relevant question suggestions on product pages
  • To forward customer leads to the merchant's configured email
  • To display analytics in the merchant dashboard
  • We do not sell data to third parties
  • We do not use customer questions for model training

4. Data storage

All data is stored in Google Cloud Firestore (EU region). Gemini API keys are encrypted using AES-256 before storage. Shopify access tokens are stored securely and only used to sync product data.

5. Third-party services

  • Google Gemini — used to generate AI answers (questions are sent to Google's API)
  • Shopify — OAuth authentication and billing
  • Resend — transactional email delivery for lead notifications
  • Vercel — API hosting and serverless functions

6. Data retention

Customer questions and conversations are retained for up to 12 months. You can request deletion of all data associated with your store at any time by contacting us.

7. Your rights

Merchants can delete their store data at any time from the dashboard or by uninstalling the app. Customer data deletion requests can be submitted by contacting us — we will process them within 30 days.

8. GDPR

TalkShop acts as a data processor on behalf of merchants (the data controllers) for customer data. We comply with GDPR requirements including data minimization, purpose limitation, and the right to erasure.

9. Contact

Questions about this policy: contact@usetalkshop.com