Privacy Policy

A1. Information We Collect

Information Collected Through Facebook Ads

When you interact with our Facebook advertisements, we may collect:

• Ad interaction data (clicks, impressions, conversions)
• Device information (device type, operating system, browser type)
• Geographic location (country, city, region)
• Facebook user ID (hashed and anonymized)
• Demographic information (age range, gender, interests)

Information You Provide Directly

• Contact information (name, email address, phone number)
• Business information (company name, industry, website)
• Communications you send to us
• Payment and billing information

A2. How We Use Your Information

We use the collected information for:

• Delivering and optimizing our advertising services
• Creating and managing advertising campaigns on Facebook
• Analyzing ad performance and providing reports
• Personalizing and improving user experience
• Communicating with you about our services
• Complying with legal obligations
• Preventing fraud and ensuring security

A3. Facebook Advertising Practices

Facebook Pixel

We use Facebook Pixel to track conversions from Facebook ads, optimize ads based on collected data, build targeted audiences for future ads, and remarket to qualified leads.

Custom Audiences

We may use Facebook Custom Audiences to display advertisements to users who have previously visited our website or provided us with their contact information. All data is hashed and encrypted before being shared with Facebook.

A4. Data Sharing (Ad Platform)

We may share your information with:

• Facebook and other advertising platforms
• Service providers who assist in our operations
• Analytics providers to improve our services
• Legal authorities when required by law
• Business partners with your consent

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes without your explicit consent.

A5. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to remember your preferences, understand how you use our services, deliver relevant advertisements, and measure ad campaign effectiveness. You can control cookies through your browser settings.

A6. Opting Out of Targeted Advertising

You can opt out of targeted advertising by:

• Adjusting your Facebook ad preferences at facebook.com/ads/preferences
• Using the Digital Advertising Alliance's opt-out tool at optout.aboutads.info
• Disabling cookies in your browser settings
• Contacting us directly at info@neuroadsinc.com

B1. Our Role

• Data Processor: When processing end-customer data (chat conversations, order lookups, email addresses) on behalf of merchants. The merchant is the data controller for their customers.
• Data Controller: When collecting merchant account data directly (store URL, billing information, app configuration).

B2. Information We Collect

From Merchants (Store Owners)

From Shopify (Store Content)

We sync the following store data to power the chatbot's knowledge base:

• Products — titles, descriptions, prices, images, variants, tags
• Collections — titles, descriptions, images
• Discounts — codes, values, rules, expiration dates
• Store policies — refund, shipping, privacy, and terms of service
• Pages — FAQ, About Us, Contact, and other published pages

This data is used exclusively to generate accurate chatbot responses for the merchant's customers.

From End Customers (Chat Widget Visitors)

Order Data

When an end customer requests an order lookup, we access order details (status, items, tracking, shipping address) in real time via the Shopify API. Order data is used only to respond to the customer's request and is not stored beyond the chat conversation.

B3. How We Use Information (Chatbot)

• Provide AI-powered chat responses to end customers
• Sync and index store content for the chatbot knowledge base
• Generate text embeddings for semantic search and content retrieval
• Perform order lookups on behalf of end customers
• Facilitate support escalation when customers request human help
• Manage merchant accounts and subscriptions
• Maintain security, prevent abuse, and enforce rate limits
• Improve and maintain the App

We do not use personal data for advertising, profiling, or selling to third parties.

B4. AI Processing and Sub-processors

The Chatbot uses artificial intelligence to generate responses. This involves sending data to the following sub-processors:

Important: OpenAI's API data usage policy states that data submitted via the API is not used to train their models. We use the API with zero-data-retention where available.

Chat messages and store content are sent to OpenAI solely for the purpose of generating responses and embeddings. No end-customer personal data is used for model training by any party.

B5. Cookies and Local Storage (Chatbot)

The chat widget uses local storage (not cookies) to store a session identifier. This is used solely to maintain chat session continuity so customers can continue a conversation if they navigate between pages.

• Type: Local storage
• Data: Session token (JWT)
• Duration: 24 hours
• Purpose: Session continuity only

We do not use third-party advertising cookies, tracking pixels, or analytics trackers in the chat widget.

B6. Data Sharing (Chatbot)

We share Chatbot personal data only in the following circumstances:

• Sub-processors listed in Section B4, solely for providing the App's functionality
• Shopify via API interactions necessary for app functionality
• Merchants who can view chat conversations and support requests from their admin dashboard
• Legal requirements if required by law, regulation, legal process, or governmental request
• Business transfers in connection with a merger, acquisition, or sale of assets

We do not sell, rent, or trade personal data to third parties. We do not share personal data for targeted advertising.

B7. Data Retention (Chatbot)

When a merchant uninstalls the App, we delete all associated store data and customer data in accordance with Shopify's shop/redact webhook requirements.

B8. Merchant Responsibilities

Merchants who install the Chatbot app are data controllers for their end customers. As a merchant, you are responsible for:

• Maintaining your own privacy policy that discloses the use of an AI chatbot on your store
• Ensuring your privacy policy covers the data collected by the chat widget
• Responding to end-customer data requests as the data controller
• Complying with applicable privacy laws in your jurisdiction

B9. Shopify Data Requests

We honor all Shopify mandatory privacy webhooks:

• Customer data request (customers/data_request) — we provide all stored data for the requested customer within 30 days
• Customer data deletion (customers/redact) — we delete all stored data for the requested customer within 30 days
• Shop data deletion (shop/redact) — we delete all store data within 48 hours of app uninstall

Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption in transit (HTTPS/TLS) and at rest (AWS RDS)
• Role-based access controls and secure API authentication (OAuth 2.0, JWT)
• Infrastructure hosted on AWS with VPC isolation and security groups

Your Rights and Choices

Depending on your location, you may have the following rights:

• Access to your personal information
• Correction of inaccurate data
• Deletion of your personal information
• Restriction of processing
• Data portability
• Objection to processing
• Withdrawal of consent

For California Residents (CCPA/CPRA)

You have the right to know what personal information is collected, the right to delete personal information, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights.

For EEA/UK Residents (GDPR)

In addition to the above, you have the right to restrict processing and to lodge a complaint with your local data protection authority. Our legal bases for processing include consent, contract performance, legal obligations, and legitimate interests.

How to Exercise Your Rights

• Ad Platform users: Contact us at info@neuroadsinc.com
• Chatbot end customers: Contact the merchant whose store you interacted with. You may also contact us at privacy@neuroadsinc.com.
• Chatbot merchants: Contact us at privacy@neuroadsinc.com or use the admin dashboard.

We will respond to verifiable requests within 30 days.

International Data Transfers

Your information may be transferred to and processed in the United States on AWS infrastructure. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) and sub-processor transfer mechanisms.

Children's Privacy

Our services are not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided personal data, please contact us at privacy@neuroadsinc.com and we will delete it promptly.

Data Retention (General)

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. For Chatbot-specific retention periods, see Section B7.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Effective Date." For Chatbot merchants, we will also notify via email.

Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Information

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at: