Privacy Policy
Effective Date: December 2025 | Last Updated: December 15, 2025
1. Introduction
Welcome to ShopAssist ("we", "us", "our"). We respect your privacy and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and German data protection laws, including the Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG). This policy explains what data we collect, how we use it, and your rights when visiting getshopassist.com or interacting with us (e.g., booking a demo, contacting us, or using our widget on a Merchant's store).
2. Controller
Kremic Ventures UG (haftungsbeschränkt)
trading as ShopAssist
Liselotte-Herrmann-Straße 12
10407 Berlin, Germany
3. Data We Collect and Process
3.1 Data you provide voluntarily
- Direct Interaction: When you book a call, request a demo, or contact us via email.
- Merchant Account Data: If you are a Merchant using our service, we collect your name, company details, business email, and Shopify store URL.
- Purpose: Responding to inquiries, onboarding your store, and managing business relationships.
- Legal basis: Art. 6 (1)(b) GDPR (contract performance/initiation) and Art. 6 (1)(f) GDPR (legitimate interest).
3.2 Automatically collected data
When you visit our website (getshopassist.com), we process technical data such as IP address, browser type, device/OS, referrer URL, and visited pages.
- Purpose: Security, stability, and performance of the website.
- Legal basis: Art. 6 (1)(f) GDPR (legitimate interest).
3.3 Privacy-Friendly Analytics (Legitimate Interest)
We use Vercel Web Analytics and Speed Insights to measure website performance and reach.
- No Cookies: These tools do not store any cookies or identifiers on your device.
- Anonymization: Your IP address is processed to create a temporary, anonymous hash that automatically expires after 24 hours. It is impossible for us to track your behavior across different days or other websites.
- Purpose: To analyze technical errors, load times, and visitor counts.
- Legal Basis: Art. 6 (1)(f) GDPR (Legitimate Interest in the technical optimization and error-free delivery of our service).
4. Purpose & Legal Basis
| Purpose | Processing | Legal basis |
|---|---|---|
| Service Provision | Connecting to Shopify APIs to sync products | Contract |
| CRM & Sales | Managing demo requests and merchant onboarding | Legitimate Interest |
| Website Operation | Hosting and security | Legitimate Interest |
| Analytics | Performance measurement | Consent |
We do not sell or rent personal data.
5. Data Recipients / Processors
5.1 Data Collected via ShopAssist Widget (Shopper Interactions)
When a shopper interacts with the ShopAssist widget embedded on a Merchant's Shopify store:
- Role: The Merchant is the Data Controller. ShopAssist is the Data Processor.
- Data Processed: Chat inputs, product queries, interaction history, and session metadata.
- Purpose: To provide accurate product answers and recommendations, and to facilitate the purchase journey.
- Legal basis: The Merchant’s lawful basis (typically Art. 6 (1)(f) Legitimate Interest or (a) Consent).
- AI Processing: Chat inputs are processed by Large Language Models (LLMs) to generate responses. We ensure these providers adhere to strict data security standards.
5.2 List of Service Providers
We work with trusted service providers under Art. 28 GDPR, all with data processing agreements (DPAs):
| Provider | Purpose |
|---|---|
| OpenAI | LLM & AI Response Generation |
| Neon | Relational Database |
| Pinecone | Vector Database |
| Shopify | E-commerce Platform Integration |
| Vercel | Hosting & Analytics |
| Render | Backend API hosting |
| Cal.com | Booking demos |
| Google Ireland | Workspace & Analytics |
| Slack | Internal communication |
6. International Data Transfers
Where data is transferred outside the EU/EEA (e.g., to US-based AI providers like OpenAI or Pinecone), we rely on adequacy decisions (e.g., EU-US Data Privacy Framework) and/or Standard Contractual Clauses (SCCs) under Art. 46 GDPR, with additional security measures.
7. Data Retention
We retain data only as long as necessary:
- Contact inquiries: up to 12 months.
- Merchant Account Data: Duration of the subscription + legal retention periods.
- Chat Logs (Processor Data): Retained according to the Merchant's instructions or anonymized for model improvement where permitted.
- Legal retention (invoices): up to 10 years (German law).
8. Your Rights (GDPR)
You have the right to Access (Art. 15), Rectification (Art. 16), Restriction (Art. 18), Data Portability (Art. 20), Objection (Art. 21), and Withdrawal of Consent (Art. 7 (3)).
To exercise these rights:
- Merchants: Contact privacy@getshopassist.com.
- Shoppers: Please contact the Merchant (Store Owner) directly, as they are the Controller of your chat data.
9. Data Security
We implement strict technical measures (SSL/TLS, access control, encrypted databases) to protect data, specifically regarding the syncing of Shopify inventory and processing of chat logs.
10. Supervisory Authority
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59–61, 10555 Berlin
11. Contact
Kremic Ventures UG (haftungsbeschränkt)
trading as ShopAssist
Liselotte-Herrmann-Straße 12
10407 Berlin, Germany
Managing Director: Tim Kremic