ShopHero

Privacy Policy

Last updated: June 2026

ShopHero (“ShopHero,” “we,” “us”) is an AI assistant for Shopify merchants. This policy explains what data we access, how we use it, and the choices you have. By installing or using ShopHero, you agree to this policy.

What we access

ShopHero connects to your store through Shopify's official Admin API, using only the permissions (scopes) you approve at install. Depending on those scopes, this can include your theme files, products, collections, pages and blog content, and store metadata. We act on your store on your behalf to produce and - with your approval - apply the changes you request.

How we use AI

To generate recommendations and edits, relevant store content and metadata are sent to our AI provider, Anthropic (the Claude API). Anthropic processes this data to return results and does not use API data to train its models. We select the appropriate Claude model for each task to balance quality and cost.

What we store

  • Your store domain and access token (stored securely / encrypted)
  • Your settings, Brand Kit, and any long-term “memory” you provide
  • Drafts, generated content, and version history of changes
  • Usage and billing events needed to operate and bill the service

We deliberately avoid processing your customers' personal data and do not require access to orders or buyer information to run ShopHero.

Service providers (subprocessors)

  • Shopify — the platform your store and our app run on
  • Anthropic — AI processing (Claude)
  • Our cloud hosting and database providers, used to run the service
  • Billing is handled through Shopify Billing

Data retention & deletion

We retain your data while ShopHero is installed. When you uninstall, we delete your store's data in response to Shopify's app-uninstalled webhook, and we honor Shopify's mandatory customer data-request and erasure webhooks. You can request deletion at any time through our contact page.

Security

We use Shopify's official APIs with least-privilege scopes, encrypt sensitive credentials, and transmit data over secure connections. No system is perfectly secure, but we work to protect your information.

Your rights

You may request access to, correction of, or deletion of your data. Contact us and we'll respond within a reasonable timeframe.

Changes

We may update this policy as the service evolves. Material changes will be posted on this page with a new “last updated” date.

Contact

Questions about privacy? Reach us through our contact page.