Privacy Policy
Shopalytics (by Hercules Labs)
Effective Date: August 9, 2025
This Privacy Policy ("Policy") applies to shopalytics.ai (the "Website"), the Shopalytics Shopify app (the "App"), and Hercules Labs ("Company," "we," "us," "our"). It explains how we collect, use, disclose, and protect information when you visit the Website or install/use the App, an AI analytics copilot for Shopify business owners.
By using the Website or installing the App, you agree to the practices described here.
California Consumer Privacy Act (CCPA/CPRA) Rights
If you are a California resident, you have the following rights (subject to legal exceptions):
Right to Know
Request details on what personal data we collect, use, and disclose.
Right to Delete
Request deletion of personal data.
Right to Correct
Request corrections to inaccurate personal data.
Right to Opt-Out
Opt out of the sale or sharing of personal data for advertising. We do not sell or share personal information for cross-context behavioral advertising.
Right to Restrict
Limit use of sensitive data. We do not use sensitive personal information to infer characteristics.
Right Against Retaliation
We will not discriminate against you for exercising your rights.
How to exercise these rights: email team@shopalytics.ai
Collection of Your Personal Information
To provide our products and services, we may collect personal information, including:
Merchant & Staff Details
Store URL/name, contact email, plan, locale, and authorized staff name/email (from Shopify on install/authorization)
Store Data
Orders, products, discounts, inventory, traffic/events, and—if enabled—customer data such as customer names, emails, addresses, phone numbers, and order history (depending on scopes you grant)
Account & Support Data
Messages you send us (tickets, emails), preferences, and settings
Billing Data
Payment identifiers handled via Shopify or our payment processor
Usage/Telemetry
Device/browser metadata, IP address, timestamps, feature usage, and diagnostics for reliability and security
Note: We do not intentionally collect information about children. Our services are for business users.
Use of Your Personal Information
We use information to:
Operate and deliver the App and features you request
Provide reports, insights, forecasts, and AI-powered analytics
Communicate about your account, including notices and updates
Enforce terms, prevent fraud/abuse, and ensure platform security
Improve and develop the App (including de-identified, aggregated analytics)
Notify you about changes to shopalytics.ai and the App
Comply with legal obligations and Shopify platform requirements
Any other purpose with your consent
AI & Model Training
We do not use your store's identifiable customer personal data to train generalized models used across merchants without your explicit opt-in. We may use de-identified, aggregated usage metrics to improve features.
Sharing Information with Third Parties
We do not sell or rent personal information.
We disclose information only to:
Service Providers/Sub-processors
Cloud hosting, logging, analytics, support, email. They are contractually bound to use data only to provide services to us and to safeguard it.
Shopify
As required to run on the platform and to comply with Shopify policies.
Legal/Security Recipients
When required by law or to protect rights, safety, and security.
International Transfers
If we transfer data internationally, we use appropriate safeguards (e.g., standard contractual clauses) as required by law.
Tracking User Behavior
We may track pages and features used within the Website/App to understand what is most helpful and to tailor product experience and in-product content. We generally use aggregated, de-identified data for these purposes.
Automatically Collected Information
We automatically collect limited technical information about your device and browser (e.g., IP address, browser type, domain names, access times, referrers). We use this to operate the service, maintain quality, secure the platform, and generate usage statistics.
Use of Cookies
We use cookies and similar technologies to:
Keep you signed in and remember settings
Measure product usage and performance
Support customer support and security features
You can usually set your browser to refuse cookies or alert you when cookies are being used. If you disable cookies, some App or Website features may not work properly.
Links to Third Parties
Our Website/App may link to other sites. We are not responsible for the privacy or content practices of those third-party sites. Review their policies before providing personal information.
Security of Your Personal Information
We use administrative, organizational, and technical measures designed to protect personal information, including:
Encryption in transit (TLS)
Access controls
Audit logging
Least-privilege practices
Important: No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
Right to Deletion (Details for CA Residents)
Upon receiving a verifiable request, we will:
Delete your personal information from our records
Direct our service providers to delete your personal information
We may deny deletion requests when necessary to:
Complete a transaction or provide a service you requested
Detect and protect against security incidents, fraud, or illegal activity
Debug to identify and repair errors
Exercise free speech or comply with law
Comply with the California Electronic Communications Privacy Act
Engage in public or peer-reviewed research (with appropriate safeguards)
Enable solely internal, lawful uses aligned with your expectations
Comply with legal obligations
Use information internally in a lawful manner compatible with the context
Children Under Thirteen
We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate action.
Roles (Controller/Processor) & Shopify
Controller/Business Role
For merchant/staff account and billing/marketing data, the Company is a controller/business.
Processor/Service Provider Role
For store customer data processed through the App, we act as your processor/service provider and handle that data only on your instructions and as needed to provide the App. We assist with data-subject requests you forward to us.
Data Retention & Uninstall
We retain personal data only as long as necessary to provide the App and meet legal obligations. Uninstalling the App starts a data-cleanup process; we will delete or de-identify merchant and customer personal data within a reasonable period unless the law requires retention.
You may also request deletion at any time by contacting us.
Disconnecting Your Company's Account from Third-Party Websites
The App may allow connections to third-party accounts (e.g., ad platforms, analytics). By connecting those accounts, you instruct us to receive data from those services according to your settings.
You can disconnect at any time in those services or within our App (where available). After disconnecting, we stop pulling new data; previously ingested data is handled under this Policy and your retention settings.
Email Communications
We may email you about product updates, announcements, alerts, confirmations, surveys, and other communications.
Operational Emails
Required to use the service
Marketing Emails
Optional—you can opt out at any time by using the unsubscribe link or emailing team@shopalytics.ai
Changes to This Statement
We may update this Policy from time to time. We will post the updated version here and revise the effective date above. If changes are material, we will provide additional notice where appropriate.
Contact Information
Hercules Labs
Effective as of: August 9, 2025