Privacy Policy

1. Introduction

Welcome to OpenClaw Commerce ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and related services.

By installing and using OpenClaw Commerce, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Store Information

When you install OpenClaw Commerce, we request access permissions to your Shopify store data. We do not store any merchant store data in our database. We only access and pass the data to your OpenClaw bot or perform operations on your store based on your API requests. The data we access includes:

• Store name, domain, and contact information
• Product data (names, descriptions, prices, inventory levels, variants)
• Order information (order details, customer information, payment status)
• Customer data (names, email addresses, shipping addresses)
• Draft orders and order tags
• Store configuration and settings

This data is accessed in real-time only when you make API requests and is not stored on our servers.

2.2 API Usage Data

We collect information about how you use our API services, including:

• API key creation and management activities
• API request logs (timestamps, operations performed, request parameters)
• API access patterns and usage statistics
• Error logs and debugging information

2.3 Authentication Information

We collect authentication credentials necessary to connect your store:

• Shopify OAuth tokens
• API keys generated within our application
• Session data and authentication tokens

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide core functionality including product management, order processing, and inventory updates through chat platforms
• API Operations: To execute API requests on your behalf based on your configured permissions and approval workflows
• Security & Monitoring: To maintain activity logs, detect unauthorized access, and ensure the security of your store data
• Permission Management: To enforce granular access controls and approval gates for sensitive operations
• Service Improvement: To analyze usage patterns and improve our application's performance and features
• Support: To provide customer support and respond to your inquiries
• Compliance: To comply with legal obligations and enforce our terms of service

4. Data Storage and Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

• All data transmissions are encrypted using TLS/SSL protocols
• API keys are encrypted at rest using industry-standard encryption algorithms
• Access to your data is restricted to authorized personnel only
• Regular security audits and vulnerability assessments
• Secure server infrastructure with firewalls and intrusion detection

4.2 Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Store data is not retained as we do not store merchant data in our database
• Activity logs are retained for 30 days for security and debugging purposes
• API keys remain active until you manually revoke them
• Upon uninstallation, all your data is deleted within 48 hours from our database

5. Data Sharing and Disclosure

5.1 Third-Party Services

We do not sell your personal information. We may share your data with:

• Shopify: As required for app functionality and authentication
• Cloud Service Providers: For hosting and infrastructure (all providers are GDPR and SOC 2 compliant)
• Chat Platforms: Only the data you explicitly send through API requests to your configured chat bots

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Requests from law enforcement or government agencies
• Protection of our rights, property, or safety
• Prevention of fraud or security threats

6. Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze application usage and performance
• Improve user experience and functionality

You can control cookies through your browser settings, but disabling cookies may affect application functionality.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws through:

• Standard contractual clauses approved by regulatory authorities
• Adequacy decisions by relevant data protection authorities
• Other legally approved transfer mechanisms

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date at the top of this policy
• Sending email notifications for significant changes

Your continued use of OpenClaw Commerce after changes are posted constitutes acceptance of the updated policy.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

10. Compliance

OpenClaw Commerce is committed to compliance with applicable data protection regulations, including:

• General Data Protection Regulation (GDPR) - European Union
• California Consumer Privacy Act (CCPA) - California, USA
• Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
• Shopify's App Store Requirements and Data Protection Standards