ShopCommander

ShopCommander

Privacy Policy

Last updated June 22, 2026

This Privacy Policy explains how ShopCommander, operated by Floox AI, Inc. (“ShopCommander”, “we”, “us”, or “our”), collects, uses, and protects information when you use our website, web console, mobile app, and the embedded Shopify application (together, the “Service”).

Information we collect

We collect the following categories of information:

  • Account information — your name, email address, and a securely hashed password when you create a ShopCommander account.
  • Shopify store data — when you connect a store, we access store data through the permissions you authorize during Shopify installation (for example products, inventory, orders, customers, fulfillments, and discounts). We access this data using a Shopify access token issued to us by you, and act on your behalf.
  • Content you provide — chat messages, workflows you build, instructions you give the agent, and files you upload.
  • Usage and device data — log data such as IP address, browser or device type, and timestamps, which we use for security, troubleshooting, and reliability.

How we use information

  • To provide and operate the Service, including running the AI agent and the workflows you create.
  • To carry out the actions you request against your connected store (such as updating the catalog, fulfilling orders, or purchasing shipping labels).
  • To send you transactional messages such as security, account, and service notifications.
  • To secure, maintain, debug, and improve the Service.
  • To comply with legal obligations and enforce our Terms of Use.

AI processing

To generate responses and perform the tasks you request, your chat messages and the relevant store context are sent to our AI provider (Anthropic, accessed via OpenRouter). This processing happens only to provide the Service. We do not sell your data, and we do not use your store or customer data to train third-party foundation models beyond what is necessary to deliver the features you use. AI output can be imperfect — you remain in control of which actions are executed.

How we share information

We do not sell personal information. We share data only with service providers (“sub-processors”) that help us operate the Service, under contractual confidentiality and data-protection obligations:

  • Anthropic / OpenRouter — AI model processing for the agent and workflows.
  • Shopify — the commerce platform your store runs on and through which you authorize access.
  • ShipStation / ShipEngine — carrier rate quotes, shipping labels, and tracking.
  • Amazon Web Services — application hosting and file/object storage.
  • Postmark — delivery of transactional email.

We may also disclose information if required by law, to protect our rights and users, or in connection with a merger, acquisition, or sale of assets, in which case we will notify you of any change in ownership.

Merchant and customer data

When you connect a Shopify store, the store and customer data we access belongs to you, the merchant. We process it as a service provider / data processor solely to provide the Service to you and in accordance with your instructions and the access scopes you grant.

Data retention

We retain account and store data for as long as your account is active. You can delete chats and workflows at any time. When you delete your account or uninstall the app, we delete or anonymize the associated data within a reasonable period, except where we must retain it to meet legal, security, or accounting obligations.

Security

We protect data in transit using TLS/HTTPS, store access tokens and credentials using access controls, and follow industry-standard practices to safeguard your information. No method of transmission or storage is completely secure, but we work to protect your data and to promptly address any issues.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at privacy@shopcommander.io. We do not sell personal information.

International data transfers

We operate from and process data in the United States. If you access the Service from outside the United States, you understand that your information may be transferred to and processed in the United States.

Children

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above, and significant changes will be communicated through the Service.

Contact us

Questions about this policy or your data? Email us at privacy@shopcommander.io.