Growthly AI (“Growthly AI,” “we,” “us,” or “our”) provides a Shopify application that creates AI-personalized product bundles, enables subscriptions on any product, and delivers behavioral analytics to merchants (“Merchant,” “you”) who install the app on their Shopify store. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices available to merchants and their customers.
This policy applies to the Growthly AI app available at apps.shopify.com/growthly-ai-subscription and to trygrowthly.ai.
1. Who This Policy Covers
This policy applies to two groups of people:
- Merchants — the store owners and staff who install and use Growthly AI to manage their Shopify store.
- End Customers — the shoppers who purchase from a Merchant’s store where Growthly AI is installed.
We act as a data processor on behalf of the Merchant with respect to End Customer data, and as a data controller with respect to Merchant account and billing information. Merchants remain responsible for ensuring they have a lawful basis to share their customers’ data with third-party apps like Growthly AI, and for maintaining their own privacy policy that discloses this to their End Customers.
2. Information We Collect
To operate the app, Growthly AI requests access to the following categories of data from Shopify, as disclosed on our Shopify App Store listing:
2.1 Customer Data (End Customers of the Merchant's store)
- Sensitive/identity data: name, email address, phone number, physical address
- Device and activity data: geolocation, IP address, browser and operating system
- Order and purchase data: order history, items purchased, purchase frequency, subscription contracts
- Behavioral data: browsing and purchasing patterns used to generate personalized bundle recommendations
2.2 Store Owner and Staff Data
- Name, email address, phone number, physical address of the store owner/authorized account contacts
2.3 Store Data
- Customers: customer records needed to build personalized offers
- Products and collections: product catalog data used to generate bundles
- Orders: full order history and subscription contracts
- Online Store: theme data, needed to render bundle and subscription widgets on the storefront
- Custom data: metaobject definitions and metaobjects used to configure bundle/subscription logic
- Other store data: customer payment methods (tokenized, not raw card numbers), locales, locations, purchase options, and translations, as required to correctly price, localize, and fulfill subscription orders
2.4 Information Collected Automatically
- Log data such as access times, pages viewed within the app, and error reports, used for debugging and security monitoring.
We do not collect government ID numbers, financial account numbers, health information, or other special-category data beyond what is listed above, and we never sell personal data.
3. How We Use Information
We use the data described above to:
- Generate AI-personalized product bundles based on an individual customer's purchase and behavioral history
- Enable and manage recurring subscriptions on any product in the Merchant's catalog
- Power the Merchant-facing analytics dashboard (revenue, orders, subscription health, bundle performance)
- Process subscription billing and payment collection through Shopify's payment infrastructure
- Provide customer support to Merchants
- Maintain, secure, and improve the app
- Comply with legal obligations
We do not use End Customer data to train third-party AI models beyond what is necessary to generate that customer’s own personalized recommendations, and we do not use one Merchant’s customer data to benefit another Merchant.
4. Legal Basis for Processing
Where required by applicable law (including the EU/UK GDPR), we process personal data on the following bases:
- Performance of a contract — to provide the bundle, subscription, and analytics services the Merchant has installed the app to receive
- Legitimate interests — to secure, debug, and improve the app
- Consent — where the Merchant’s own store obtains consent from End Customers, and where required for specific processing activities
- Legal obligation — to comply with applicable law, tax, and accounting requirements
5. How We Share Information
We share data only as necessary to operate the app:
- Shopify, Inc. — as the platform through which the app operates and through which payments are processed
- Cloud infrastructure and hosting providers — to store and process app data securely
- AI processing infrastructure — to generate personalized bundle recommendations from behavioral and purchase data
- Analytics and error-monitoring tools — to maintain app reliability
- Legal and regulatory authorities — where required by law, court order, or to protect the rights, property, or safety of Growthly AI, Merchants, or others
We do not sell personal data to third parties, and we do not share End Customer data across unrelated Merchant stores.
6. Data Retention
- Merchant account data is retained for as long as the app is installed, plus a limited period afterward for legal, accounting, and dispute-resolution purposes.
- End Customer data is retained for as long as needed to provide the bundle and subscription features, generally for the duration of the Merchant’s use of the app, and is deleted or anonymized upon uninstallation in accordance with Shopify’s API data protection requirements, unless a longer retention period is required by law.
7. Data Security
We apply industry-standard technical and organizational safeguards, including encryption in transit, access controls, and regular review of our data-handling practices, to protect data against unauthorized access, alteration, disclosure, or destruction. No system is completely secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have rights to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Request a portable copy of your data
- Withdraw consent where processing is based on consent
End Customers should direct these requests to the Merchant whose store they purchased from, since the Merchant controls the underlying customer relationship. Merchants can contact us directly using the details below, and we will assist in fulfilling verified requests, including those relating to their own account or their store’s customer data where Shopify’s data deletion webhooks apply.
Residents of the EEA, UK, California, and other jurisdictions with data protection laws (e.g., GDPR, CCPA/CPRA) may have additional statutory rights, which we honor upon verified request.
9. GDPR Mandatory Compliance Webhooks
In compliance with Shopify’s API requirements, Growthly AI supports the following mandatory webhooks:
customers/data_request— provides a Merchant’s customer data upon requestcustomers/redact— deletes a specific customer’s data upon requestshop/redact— deletes all Merchant store data 48 hours after uninstallation, unless legally required to retain it longer
10. International Data Transfers
Growthly AI may process and store data in countries other than your own, including in jurisdictions that may have different data protection laws. Where required, we rely on appropriate safeguards (such as standard contractual clauses) to protect data transferred internationally.
11. Children's Privacy
Growthly AI is intended for use by Shopify Merchants operating commercial stores. It is not directed at children, and we do not knowingly collect personal data from individuals under the age of 16 for the purpose of creating standalone accounts with us.
12. Cookies and Similar Technologies
Our website (trygrowthly.ai) may use cookies and similar technologies to keep you signed in, remember preferences, and understand aggregate usage of the site. You can control cookies through your browser settings.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised “Last updated” date, and for material changes we will provide additional notice to Merchants where appropriate.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact:
Merchants located in the EEA/UK may also contact us to request information about our EU representative, where applicable.
