Privacy Policy

Last updated: March 1, 2026

1. General Information

1.1 About this Privacy Policy. This Privacy Policy describes how RavenPulse AI Upsell Engine (“RavenPulse”, “we”, “us”, or “our”) handles data when you use our Shopify application or visit our website ravenpulse.ai. We collect minimal merchant business data and anonymous visitor interactions — we do not collect personal data from store visitors. This policy does not cover third-party websites, applications, or services that integrate with or are linked to RavenPulse.

1.2 Who we are. RavenPulse AI Upsell Engine is operated by Ravin Jethoe Business Consultancy, a registered business in the Netherlands (KvK: 81212070). Our full contact details are listed in Section 15.

1.3 Our role regarding data. We do not collect or process personal data from store visitors. All visitor interaction data we handle is anonymous and cannot be linked to any individual. For merchant account data (store domain, email), we act as data controller. Merchants remain responsible for their own privacy obligations towards their customers.

1.4 Minors. RavenPulse is a business tool for Shopify merchants. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us and we will delete it without undue delay.

1.5 Changes to this policy. We may update this Privacy Policy to reflect changes in our practices or applicable laws. Material changes will be communicated to active merchants. The effective date is indicated at the top of this page.

1.6 Term and termination. This Privacy Policy enters into force on the effective date indicated at the top of this page and remains valid until updated or replaced by us.

2. Data Collection and Purpose

We respect data minimization principles and collect only the minimum amount of data necessary to provide our services.

2.1 Sources of data. We collect data from the following sources:

• Directly from merchants. For example, when you install our app or contact us. This includes your store domain and contact email.
• From Shopify. We receive store and product catalog data from Shopify when you authorize our app.
• Anonymous visitor interactions. When visitors interact with the storefront widget, anonymous, non-personal interaction data is collected automatically. This data cannot be linked to any individual.

Merchant data

• Store domain and contact information. Used to identify your store, deliver our services, and communicate with you about your account. Legal basis: performing a contract.
• Product catalog data (titles, descriptions, prices, tags, images). Used to generate product recommendations. We do not modify your product data. Legal basis: performing a contract.
• Order data (order ID, total, product information). Used to measure recommendation performance and provide analytics. We do not store customer names, emails, or addresses from orders. Legal basis: legitimate interest (service improvement).
• Store locale and currency settings. Used to deliver recommendations in the correct language and currency. Legal basis: performing a contract.

Visitor data

• Anonymous session identifier. A randomly generated ID used to group browsing activity into a single session. This identifier is not linked to any Shopify customer account or personal identity. Legal basis: legitimate interest (service delivery).
• Widget interaction events (impressions, clicks, add-to-cart actions). Used to provide merchants with aggregated performance analytics. Legal basis: legitimate interest (service delivery).
• Page and product context. The page on which the widget was displayed and the product being viewed. Used to generate contextual recommendations. Legal basis: legitimate interest (service delivery).

2.2 Sensitive data. We do not collect or process any special categories of data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation). If you include such information in any communication with us, we will treat it with appropriate care.

2.3 Refusal to provide data. If you choose not to provide certain data, we may not be able to deliver the full functionality of our services. For example, without access to your product catalog, we cannot generate recommendations.

3. Communications

3.1 Transactional communications. We send merchants important service-related messages such as billing notifications, usage alerts, and account updates. These are sent on an as-needed basis and do not require separate consent.

3.2 Opting out. You can opt out of non-essential communications at any time by contacting us at [email protected]. This does not apply to essential service-related notices.

4. Data Retention

4.1 Active merchants. Data is retained for as long as the app is installed and the subscription is active.

4.2 After uninstall. Upon uninstallation, all shop-specific data is queued for deletion. Identifiable data is removed within 48 hours. Aggregate, anonymized analytics data may be retained.

4.3 Visitor data. Anonymous widget interaction data is retained for a limited period and automatically purged thereafter.

4.4 On request. Merchants can request immediate data deletion by contacting [email protected]. We process deletion requests within 30 days, as required by applicable law.

4.5 Legal requirements. In certain cases, we may be required by law to retain data for a specific period (for example, for accounting purposes). We will securely delete such data as soon as the required retention period expires.

5. Data Sharing and Disclosure

We use a limited number of third-party service providers for platform integration, AI text generation, email delivery, database hosting, and website hosting. All providers are bound by data processing agreements. We do not collect personal data from store visitors, and therefore have no such data to share. We may use anonymized, aggregated data for research, benchmarking, or commercial purposes. Such data can never be traced back to any individual or merchant.

5.2 Legal requests. We may disclose data if required by law or in response to valid legal process from public authorities, including to meet national security or law enforcement requirements.

5.3 Business transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify affected merchants of any change in data controller and require the successor to honor this Privacy Policy.

5.4 No sale of data. We do not sell personal data to third parties. We may use anonymized, aggregated data — from which all identifying information has been permanently removed — for research, benchmarking, or commercial purposes. Such data cannot be used to identify any individual or merchant.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on adequacy decisions where available.

7. Data Security

7.1 Security measures. We implement appropriate technical and organizational measures to protect your data, including encryption of data in transit and at rest, restricted access to production systems, secure credential management, and regular security assessments.

7.2 Breach notification. In the event of a data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours and inform affected individuals as required by applicable law.

7.3 Incident response. We maintain an incident response process to identify, contain, and resolve security incidents. In the event of a confirmed incident, we will take reasonable steps to mitigate the impact, investigate the root cause, and implement measures to prevent recurrence.

7.4 Service availability. Our services depend on third-party infrastructure and service providers. We are not liable for interruptions, delays, or failures caused by circumstances beyond our reasonable control, including but not limited to outages of third-party services, network failures, or force majeure events. We will make reasonable efforts to restore service availability as quickly as possible.

7.5 Limitations. While we take reasonable measures to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security but will take prompt action to address any breach.

8. Your Rights

8.1 Your rights under GDPR. If you are located in the European Economic Area, you have the following rights:

• Right of access — obtain a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate data.
• Right to erasure — request deletion of your personal data. For merchants, uninstalling the app initiates automatic data cleanup.
• Right to restriction — request that we limit processing of your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to our processing of your data.
• Right to withdraw consent — withdraw any consent you have previously given.
• Right to complaint — lodge a complaint with your local data protection authority.

8.2 How to exercise your rights. Contact us at [email protected] with your request. We may ask for verification of your identity. We will respond within 30 days.

8.3 Requests regarding visitor data. We do not collect personal data from store visitors. All visitor interaction data is anonymous and cannot be linked to any individual. Data subject requests are therefore not applicable to visitor data.

8.4 Non-discrimination. We do not discriminate against individuals who exercise their privacy rights.

8.5 Dispute resolution. If you have a complaint about how we process your personal data, please contact us first at [email protected]. We will investigate and respond to your complaint as soon as possible. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For residents of the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

9. Cookies and Tracking

9.1 Functional cookies. Our website uses two functional cookies. These cookies are necessary for basic site functionality and do not track you, contain no personal data, and are not shared with third parties.

9.2 Your choice. When you visit our website, you can accept or decline functional cookies. If you decline, the website will still work normally, but your language preference will not be remembered between visits. You can change your preference at any time by clearing your browser cookies.

9.3 No tracking cookies. We do not use cookies for tracking, analytics, advertising, or any purpose other than the two functional cookies listed above.

9.4 Storefront widget. Our storefront widget uses a session identifier stored in the browser's session storage for the duration of a browsing session. This identifier is randomly generated, anonymous, and is automatically cleared when the browser is closed. It is not a cookie.

9.5 Third-party cookies. We do not participate in cross-site tracking, advertising networks, or interest-based advertising. No third-party cookies are set by our website.

9.6 Do Not Track. Some browsers offer a “Do Not Track” (DNT) signal. Since we do not track visitors across websites, our services operate the same way regardless of whether a DNT signal is received.

10. Shopify App Data

10.1 Data processed. Through the Shopify platform, we process merchant account and store data as well as anonymous storefront visitor interactions. The full details of what data we collect and why are described in Section 2.

10.2 Merchant responsibilities. Merchants using RavenPulse are data controllers for their customers' data. Merchants are responsible for:

• Including RavenPulse in their store's privacy policy where required by applicable law.
• Obtaining any necessary consent from customers for personalized product recommendations.
• Responding to customer data subject requests. We will assist upon request.

11. Non-Personal Data

11.1 What is non-personal data? Non-personal data is information that cannot be used to identify an individual. This includes aggregated statistics, anonymized usage patterns, and technical data such as device types and browser versions.

11.2 How we use non-personal data. We may use non-personal data for any lawful purpose, including analyzing service usage, improving our products, generating industry benchmarks, and sharing aggregated insights with third parties. Non-personal data is not subject to the restrictions that apply to personal data under this Privacy Policy.

11.3 Aggregation. If non-personal data were ever combined with other data in a way that allows identification of an individual, we would treat the combined data as personal data for as long as it remains identifiable. Currently, we do not combine data in this manner.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to know — you may request that we disclose what personal information we have collected about you, the sources, the purposes, and the third parties with whom we have shared it.
• Right to delete — you may request deletion of your personal information, subject to certain exceptions.
• Right to opt-out of sale — we do not sell personal information as defined by the CCPA. No opt-out is required.
• Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights under the CCPA, contact us at [email protected]. We will verify your identity and respond within 45 days as required by law.

13. Data Processing Agreement

A Data Processing Agreement (DPA) is available upon request for merchants who require one for their compliance obligations. Contact [email protected] to request a copy.

14. Conditions of Use

Your use of RavenPulse and any dispute arising from it is subject to this Privacy Policy and any applicable terms of service or order forms agreed upon between you and RavenPulse. By installing or using the app, you acknowledge that you have read and understood this Privacy Policy.

15. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: