Last Updated: March 13, 2026

Privacy Policy

Effective Date: March 13, 2026

Nexus Commerce ("we," "us," or "our") operates the Nexus Commerce platform, including the Nexus Commerce Shopify app, website at nexuscommerce.co, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our Service.

By installing the Nexus Commerce app or using our Service, you agree to the practices described in this policy.

SECTION 1 — INFORMATION WE COLLECT

1.1 Merchant Account Information

When you subscribe to Nexus Commerce, we collect:

• Email address
• Name
• Company or store name
• Payment and billing information (processed by Stripe; we do not store card numbers)

1.2 Shopify Store Data

When you connect your Shopify store, we access and store the following data through the Shopify API:

• Product catalog data (titles, descriptions, prices, variants, images, inventory levels, collections)
• Order data (order totals, line items, dates, fulfillment status, discount codes, shipping addresses)
• Customer data (names, email addresses, order history, customer tags, account creation dates)
• Abandoned checkout data (cart contents, email addresses, checkout timestamps, completion status)

We only access data that is necessary to operate the AI agents assigned to your store.

1.3 Usage and Interaction Data

• Actions taken within the Nexus Commerce workspace (approvals, rejections, feedback comments)
• Agent performance metrics and task history
• Email open and click events related to agent-generated communications (tracked by your email provider, not by us directly)

SECTION 2 — HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

Store Analysis
Analyzing your Shopify data to determine which AI agents are most beneficial for your business.

Agent Operations
Powering AI agents that monitor your store, identify opportunities, and prepare actions such as cart recovery emails, customer retention outreach, and operational reports.

Personalization
Generating personalized recommendations and communications tailored to your customers' behavior and your store's brand voice.

Approval Workflow
Presenting staged actions for your review before any customer-facing communication is sent.

Performance Reporting
Providing you with reports on agent activity, recovery rates, and business impact.

Service Improvement
Improving the accuracy and relevance of our AI agents based on aggregated, anonymized usage patterns.

Account Management
Managing your subscription, sending transactional emails, and providing customer support.

We do not use your data to train general-purpose AI models. Your store data is used solely to operate agents within your account.

SECTION 3 — HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal data or your customers' personal data to third parties.

We share data only with the following categories of service providers, strictly to operate the Service:

Provider: Supabase
Purpose: Database hosting
Data Shared: All store and account data (encrypted at rest)

Provider: Anthropic (Claude)
Purpose: AI analysis and agent reasoning
Data Shared: Store data excerpts sent for analysis (not retained by Anthropic for training)

Provider: Stripe
Purpose: Subscription billing
Data Shared: Merchant email and payment details

Provider: Nango
Purpose: OAuth connection management
Data Shared: Shopify access tokens (encrypted)

Provider: Loops
Purpose: Transactional email delivery
Data Shared: Merchant email addresses and agent-generated email content

Provider: Queue (UseQueue)
Purpose: Workspace and task management
Data Shared: Agent task summaries and merchant comments

All service providers are bound by their own privacy policies and data processing agreements. We select providers that maintain SOC 2 compliance or equivalent security standards.

SECTION 4 — YOUR CUSTOMERS' DATA

When our AI agents process data about your customers (for example, to identify abandoned carts or at-risk customers), this data is:

• Processed solely on your behalf and at your direction
• Stored in a tenant-isolated database with row-level security so no other merchant can access it
• Never shared with other merchants or third parties
• Never sold or used for advertising
• Deleted when you cancel your subscription (see Section 6)

You are responsible for ensuring that your use of Nexus Commerce complies with your own privacy policy and any applicable laws regarding your customers' data.

SECTION 5 — DATA SECURITY

We implement the following security measures:

Encryption at Rest
All data stored in our database is encrypted using AES-256 encryption.

Encryption in Transit
All data transmitted between your browser, our servers, Shopify, and third-party services uses TLS/HTTPS.

Tenant Isolation
Row-level security policies ensure each merchant can only access their own data.

Access Controls
Internal API endpoints are protected by cryptographic keys. Client-facing endpoints require authentication.

Rate Limiting
All API endpoints are rate-limited to prevent abuse.

Token Security
Shopify OAuth tokens are stored by Nango with encryption and are never exposed to client-side code.

Approval Gates
Customer-facing actions (emails, outreach) require explicit merchant approval before execution.

SECTION 6 — DATA RETENTION

Active Accounts
We retain your data for as long as your subscription is active and your Shopify store is connected.

Raw Shopify Data
Refreshed on each sync cycle. Previous snapshots are overwritten, not accumulated.

Agent Logs and Task History
Retained for the duration of your subscription to support performance reporting and training.

Cancelled Accounts
When you cancel your subscription, all data associated with your account — including store data, agent configurations, task history, and customer data — is deleted within 30 days. Deletion cascades through all related database tables.

Backup Retention
Encrypted database backups maintained by our hosting provider (Supabase) follow their standard retention schedule and are not accessible to other tenants.

SECTION 7 — YOUR RIGHTS

Depending on your jurisdiction, you may have the following rights:

Access
Request a copy of the data we hold about you and your store.

Correction
Request correction of inaccurate data.

Deletion
Request deletion of your data at any time. Uninstalling the Shopify app or cancelling your subscription will trigger automatic deletion within 30 days.

Data Portability
Request an export of your data in a machine-readable format.

Opt-out of Automated Decisions
All customer-facing actions generated by AI agents are staged for your manual review and approval. You may reject any action.

To exercise any of these rights, contact us at privacy@nexuscommerce.co.

SECTION 8 — YOUR CUSTOMERS' RIGHTS

If a customer of your store contacts us directly requesting access to, correction of, or deletion of their personal data, we will direct them to you as the data controller. We will cooperate with you to fulfill such requests.

We respect and apply the consent decisions made by customers through your Shopify store, including marketing opt-outs and data sale opt-outs where applicable.

SECTION 9 — COOKIES AND TRACKING

The Nexus Commerce platform does not use cookies for advertising or tracking purposes. We may use essential cookies or local storage for authentication sessions. We do not embed third-party trackers, pixels, or advertising scripts in our Service.

SECTION 10 — CHILDREN'S PRIVACY

Our Service is designed for business use by merchants. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such data, we will delete it promptly.

SECTION 11 — INTERNATIONAL DATA TRANSFERS

Your data may be processed in the United States, where our hosting infrastructure is located. By using the Service, you consent to the transfer of your data to the United States. We ensure that all data transfers are protected by the security measures described in Section 5.

SECTION 12 — CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.

SECTION 13 — CONTACT US

If you have questions about this Privacy Policy or our data practices, contact us at:

Nexus Commerce
Email: privacy@nexuscommerce.co
Website: https://nexuscommerce.co

SECTION 14 — SHOPIFY APP USERS

This section applies specifically to merchants who install the Nexus Commerce app from the Shopify App Store.

• We access your Shopify store data through the Shopify Admin API using OAuth credentials managed by Nango.
• We request only the API scopes necessary to operate the AI agents assigned to your store.
• We comply with Shopify's API Terms of Service and Partner Program Agreement.
• Uninstalling the Nexus Commerce app from your Shopify store will trigger the deletion of all data associated with your store within 30 days.
• We do not use Shopify customer data for any purpose other than operating the Service on your behalf.
