Privacy Policy

Helmsly is an AI-powered customer-support app for Shopify stores, operated by DigitalQuotient solutions LLC (“Helmsly”, “we”, “us”). When a Shopify merchant installs our app, we help them automate replies to their customers across chat and email channels using a knowledge base built from their store's catalog and policies.

For end-shoppers (the people contacting a merchant's support channels), the merchant is the data controller of your personal data and Helmsly is a data processor acting on the merchant's instructions. If you're an end-shopper with a privacy request, please contact the merchant first; they can forward the request to us via the mechanisms described below.

For merchants, this policy describes our role as both a controller (for your account, billing, and product-usage data) and a processor (for your customers' data passing through our app).

• Operate the service: generate AI responses, execute support actions you authorize (refunds, returns, cancellations, discount codes within the limits you configure), send transactional email, surface analytics in your admin.
• Train your knowledge base: ingest catalog and policy text into vector embeddings so the AI can retrieve relevant context per query. Embeddings are scoped to your shop and never shared with other merchants.
• Bill you accurately: count conversations and token usage to enforce plan caps and reconcile billing through Shopify's Billing API.
• Improve the product: aggregate, anonymized metrics about model performance, tool-call success rates, and conversation outcomes. We do not use your shop's data or your customers' data to train any third-party AI model.
• Detect abuse: rate-limit unusual usage patterns, flag potentially fraudulent refund attempts, comply with legal obligations.
• Communicate with you: send account-related email (billing receipts, plan changes, security alerts) and respond to your support requests.

We rely on the following sub-processors. Each has a Data Processing Agreement with us and provides Standard Contractual Clauses for cross-border data transfers from the EU/UK to the United States.

We do not sell or rent your data to anyone. We do not use your data or your customers' data to train, fine-tune, or improve any machine-learning or artificial-intelligence model — neither our own models nor any third-party model. Anthropic and OpenAI both contractually agree not to train on API inputs by default, and we do not opt into any opposite arrangements. This commitment also reflects Section 9.15 of the Shopify Partner Program Agreement, which independently prohibits app developers from using Merchant Data or Customer Data to train AI/ML systems without Shopify's prior written consent.

• Encryption at rest: Shopify access tokens (offline access + refresh tokens) are encrypted with AES-256-GCM before being written to the database. The encryption key is derived from a server-side secret and is not shared with any third party.
• Encryption in transit: all traffic to Helmsly uses TLS 1.3. All traffic between Helmsly and our sub-processors uses TLS.
• Webhook integrity: every incoming Shopify webhook is verified via HMAC-SHA256 before any side-effect runs. Replays are deduplicated through an idempotency table.
• Token rotation: we use Shopify's expiring offline access tokens (~1-hour life with 90-day refresh) instead of legacy non-expiring tokens, limiting blast radius of any single compromised credential.
• No payment data: Helmsly never sees your merchants' payment cards, bank account details, or any direct payment-instrument data. Shopify processes billing directly; we only see the resulting subscription state. Helmsly is therefore not in scope for PCI-DSS compliance because we do not transmit, store, or process payment-card data.
• Tenant isolation: every database query is scoped by Shop ID at the application layer, and each sub-processor call passes only the requesting shop's data.
• Incident response: in the event of a confirmed breach involving personal data, we will notify Shopify within twenty-four (24) hours of discovery (per our Shopify Partner Program Agreement) and affected merchants without undue delay, with commercially reasonable efforts to do so within seventy-two (72) hours of discovery, in each case along with the scope, suspected cause, and remediation timeline.

• Active data: conversations, messages, customer records, and knowledge base content are retained for as long as the Helmsly app is installed on your store.
• Customer data deletion request (Shopify customers/data_request webhook): we provide a copy of the requested customer's data to the merchant within 30 days. The merchant is responsible for delivering it to the data subject.
• Customer redaction (Shopify customers/redact webhook, sent 48 hours after the merchant requests deletion or after an order is more than 6 months old): we delete all personal data we hold for that customer ID within 30 days.
• Shop redaction (Shopify shop/redact webhook, sent 48 hours after a merchant uninstalls the app): we delete all data associated with that shop within 30 days.
• Audit logs: retained for as long as needed for security investigation and dispute resolution, and deleted along with all other shop data within 30 days of receiving a shop/redact webhook for the affected shop.
• Backups: our database provider (Neon) maintains up to 24 hours of point-in-time history on our current plan. Deleted records age out of that history window within 24 hours of the original deletion. As Helmsly upgrades to higher database tiers with longer history retention, this window may extend; this policy will be updated accordingly.
• Operational logs: Vercel server logs (IP, path, status code) are retained for 30 days.

Depending on your jurisdiction, you have the following rights in relation to your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request that we correct inaccurate or incomplete data.
• Erasure: request that we delete your personal data, subject to legal retention requirements.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on our legitimate interests.
• Restriction: request that we limit how we process your data.
• Withdrawal of consent: where processing is based on consent, withdraw it at any time.
• Complaint: lodge a complaint with your local data-protection supervisory authority.

End-shoppers: please contact the merchant you're shopping with first. They control the data and can forward your request to us. If they don't respond, you may contact us directly at privacy@helmsly.io.

Merchants: contact us at privacy@helmsly.io. We will respond within 30 days.

California residents (CCPA / CPRA): Under the California Consumer Privacy Act (CCPA, 2018) as amended by the California Privacy Rights Act (CPRA, effective 2023), you have the right to know what personal information we collect, to delete it, to correct inaccurate information, to limit the use and disclosure of sensitive personal information, to opt out of automated decision-making that produces legal or similarly significant effects, and to opt out of any “sale” or “sharing” of personal information as those terms are defined under CCPA/CPRA. Helmsly does not sell or share personal information.

Helmsly is operated from the United States and our infrastructure is hosted in the United States. If you are in the European Economic Area, the United Kingdom, or another jurisdiction with data-transfer restrictions, your data is transferred to the U.S. on the basis of Standard Contractual Clauses or other approved transfer mechanisms.

Helmsly is not directed to children under 13 (under 16 in the EEA), and we do not knowingly collect personal data from children. If a merchant's store collects data from children, that collection is the merchant's responsibility under their own privacy policy.

We may update this Privacy Policy from time to time. Material changes will be communicated to merchants by email and via an in-app notice at least 30 days before they take effect, unless a shorter period is required by law. The “Last updated” date at the top of this page reflects the most recent revision.

DigitalQuotient solutions LLC
5511 Parkcrest Dr. Suite 103, Austin, TX 78731
Privacy inquiries: privacy@helmsly.io
Support inquiries: support@helmsly.io
Legal inquiries: legal@helmsly.io

This Privacy Policy is governed by the laws of State of Texas, United States.