Gimmie AI Privacy Policy

Last Updated: November 25, 2025

1. Introduction

At Gimmie AI, your privacy is our highest priority. This Privacy Policy outlines how we collect, use, and protect your information across our services, including the Gimmie AI Shopify App, embeddable widgets, and related services (collectively, the "Services"). We are committed to being transparent and respectful of your data.

This policy applies to:

  • Merchants who install our Shopify App
  • Customers who interact with our widget on merchant storefronts

2. Information We Collect from Widget Users (Customers)

When customers interact with the Gimmie widget on a merchant's storefront, we collect limited, non-identifying information:

  • Preference data: Gift recipient type, occasion, budget range, and style preferences provided during the widget questionnaire
  • Interaction data: Clicks, product views, add-to-cart actions, and navigation within the widget
  • Session tokens: Anonymous identifiers to maintain widget state and track the customer journey
  • Device information: Browser type and device category (for optimizing the experience)

What We Do NOT Collect from Customers:

  • Names or nicknames
  • Email addresses
  • Phone numbers
  • Physical addresses
  • Payment or financial information

2A. Information We Collect from Merchants (Shopify App)

When merchants install the Gimmie AI Shopify App, we collect the following data through Shopify's API:

Store Information

  • Shop domain and store name
  • Store timezone and currency settings
  • Shopify plan information

Product Catalog (via read_products scope)

  • Product titles, descriptions, and prices
  • Product images and variants
  • Product tags, collections, and categories
  • Inventory status

Order Data (via read_orders scope)

  • Order IDs and order totals
  • Products purchased and quantities
  • Order timestamps and financial status
  • Shopify customer IDs only (numeric identifiers for attribution)

Customer Data (via read_customers scope)

  • Shopify customer IDs only (numeric identifiers)
  • We do NOT access or store customer names, emails, phone numbers, or addresses

Why We Collect This Data

  • Product catalog: To power AI-driven gift recommendations
  • Order data: To calculate affiliate commission and track conversions
  • Customer IDs: To attribute purchases to widget sessions (for merchant analytics)

3. How We Use Information

We use collected information for the following purposes:

  • To provide personalized gift recommendations via our AI-powered widget
  • To build anonymous user profiles that enhance recommendation relevance
  • To analyze usage trends and improve user experience
  • To provide merchants with analytics on widget performance and conversion rates
  • To calculate and track affiliate commissions from purchases initiated through our Services
  • To improve our AI recommendation algorithms

4. No Financial or Payment Data Collected

Gimmie AI does not process or store credit card data or payment information. All purchases initiated through our widget are completed through Shopify's secure checkout. Payment processing is handled entirely by Shopify and the merchant's payment providers.

5. Data Sharing & Third-Party Services

We do not sell or rent your data. We share data only with the following trusted service providers necessary to operate our Services:

Service Providers

ServicePurposeData Shared
SupabaseDatabase hostingAll app data (encrypted)
OpenAIAI product recommendationsProduct titles and descriptions (no customer PII)
ShopifyPlatform integrationOAuth tokens, API data exchange
Fly.ioApplication hostingApp execution (no data storage)

Data Sharing Principles

  • We only share the minimum data necessary for each service to function
  • All service providers are bound by data processing agreements
  • No customer personal information (names, emails, addresses) is shared with AI services
  • We never share data for advertising or cross-platform marketing purposes

Merchant Analytics

Merchants can view analytics about their own store's widget performance, including:

  • Total widget sessions and conversion rates
  • Products recommended and purchased via the widget
  • Revenue attributed to Gimmie recommendations

This data is only accessible to the merchant who owns the store.

6. Data Storage & Security

Security Measures

We use industry-standard security measures to protect your data:

  • Encryption at rest: All data stored in our database is encrypted (AES-256)
  • Encryption in transit: All data transmission uses TLS 1.3
  • Access controls: Data access is restricted to authorized personnel only
  • Regular security audits: We conduct periodic security reviews

Data Storage Location

Our infrastructure is hosted in the United States:

  • Database: Supabase (AWS US-East region)
  • Application: Fly.io (US-West/LAX region)

International Data Transfers

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, your data may be transferred to and processed in the United States. By using our Services, you consent to this transfer. We implement appropriate safeguards for international data transfers in compliance with applicable laws.

6A. Data Retention Periods

We retain different types of data for varying periods based on business necessity and legal requirements:

Data TypeRetention PeriodReason
Widget sessions90 daysAnalytics and conversion tracking
Product catalog30 days after app uninstallGrace period for reinstallation
Conversion records7 yearsFinancial and tax compliance
Commission data7 yearsBilling and audit requirements
Shopify customer IDsDeleted within 30 days of GDPR requestPrivacy compliance
Store data after uninstallDeleted within 48 hoursPer Shopify requirements

Data Deletion

  • Automatic: Session data older than 90 days is automatically purged
  • On uninstall: Store-specific data is deleted within 48 hours of app uninstallation
  • On request: Personal data deletion requests are processed within 30 days

7. Cookies & Tracking Technologies

Gimmie uses cookies and similar technologies solely to:

  • Maintain widget session state across page navigation
  • Store customer preferences during the recommendation flow
  • Enable accurate tracking for analytics and affiliate commission attribution
  • Remember widget settings (position, color preferences)

We do not use cookies for:

  • Cross-site tracking
  • Advertising or retargeting
  • Building profiles for third-party marketing

You can adjust your browser settings to control cookie behavior. Disabling cookies may affect widget functionality.

8. Your Rights and Choices

For All Users

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data
  • Opt-out: Decline certain forms of data collection

For EEA/UK Residents (GDPR Rights)

If you are in the European Economic Area or United Kingdom, you also have the right to:

  • Data portability: Receive your data in a machine-readable format
  • Restriction: Request limited processing of your data
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw previously given consent at any time

To exercise any of these rights, contact us at support@gimmie.ai

8A. Shopify Merchant Rights

GDPR Compliance

We comply with Shopify's mandatory privacy webhooks:

  • Customer data requests: We respond within 30 days to provide any stored customer data
  • Customer data deletion: We delete/anonymize customer IDs within 30 days of receiving a deletion request
  • Shop data deletion: We delete all store data within 48 hours of app uninstallation

What Happens When You Uninstall

When you uninstall the Gimmie app:

  1. Your widget immediately stops functioning on your storefront
  2. Within 48 hours, we delete your store settings and configuration
  3. Product catalog data is retained for 30 days (in case you reinstall), then deleted
  4. Conversion/commission records are retained for 7 years (financial compliance)

Data Export

Merchants can request a full export of their store's Gimmie data by contacting support@gimmie.ai. We will provide the export within 30 days.

Minimal Data Collection

We follow the principle of data minimization:

  • We only collect data necessary for app functionality
  • We do not store customer emails, names, phone numbers, or addresses
  • We use Shopify customer IDs (numeric) only for attribution purposes

9. Children's Privacy

Gimmie AI does not knowingly collect data from children under the age of 13 (or 16 in the EEA). Our Services are intended for use by merchants and adult shoppers. If we become aware that we have collected data from a child, we will delete it immediately.

10. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this policy
  • For significant changes, we will notify merchants through the Shopify App dashboard
  • Continued use of our Services after changes constitutes acceptance of the updated policy

11. Contact Information

If you have any questions, concerns, or requests related to privacy or this policy:

Gimmie AI, LLC United States

We aim to respond to all privacy inquiries within 30 days.