Privacy Policy

Effective 1 June 2026

This Privacy Policy explains how CoreAttend ("CoreAttend", "we", "us") collects, uses, and protects information when you use our website, our customer portal, and our Shopify application (collectively, the "Services"). We act as a data processor for the merchant store data we access on a merchant's behalf, and as a data controller for our own account and website data.

1. Information we collect

  • Shopify store data (merchants). When a merchant installs our Shopify app, we access — on a strictly read-only basis — store products, customers, and orders via the scopes read_products, read_customers, and read_orders. We use this data only to power subscription analytics and management for that merchant's own store.
  • Subscriber data (customers). For brands using our customer portal, we process subscriber contact details, subscription and billing status, shipment history, and curation preferences in order to deliver the subscription service.
  • Account data. Names, email addresses, and authentication credentials for merchant and customer accounts.
  • Website & usage data. Standard server logs (IP address, user agent, timestamps) and the content of messages you send to our website assistant.

2. How we use information

  • Provide subscription intelligence, analytics, and lifecycle management.
  • Authenticate users and secure accounts.
  • Operate our website assistant and respond to support requests.
  • Comply with legal obligations and prevent abuse.

We do not sell personal information, and we do not use merchant store data to train AI models.

3. AI processing

Our in-product and website assistants send the text of your messages (and, in the customer portal, the relevant subscription context) to our AI provider, Anthropic, solely to generate a response. This data is not used to train models. Do not submit sensitive personal information to the assistant.

4. Sharing & sub-processors

We share data only with service providers that help us run the Services:

  • Shopify — platform integration and billing.
  • Anthropic — AI assistant responses.
  • Our hosting provider — secure application and database hosting.

We may also disclose information where required by law.

5. Data retention & deletion

We retain data for as long as a merchant or customer account is active. When a merchant uninstalls our Shopify app, we stop accessing the store and suspend the associated records. We honor Shopify's mandatory data-protection requests:

  • customers/data_request — we compile the store-customer data we hold.
  • customers/redact — we delete the relevant customer's personal data.
  • shop/redact — we delete the store's data 48 hours after uninstall.

6. Your rights

Depending on your location (including under the GDPR and CCPA), you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Shopify subscribers should direct requests to the merchant who operates the store; we will assist that merchant in fulfilling them. You can contact us using the details below.

7. Security

We protect data with encryption in transit (TLS), encryption of stored access tokens, scoped access, and a strict content-security policy. No method of transmission or storage is completely secure, but we work to protect your information using industry-standard safeguards.

8. International transfers

We may process data in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.

9. Children

The Services are not directed to children under 16, and we do not knowingly collect their data.

10. Changes

We may update this policy from time to time. Material changes will be reflected by updating the effective date above.

11. Contact

Questions or privacy requests: privacy@coreattend.com.

← Back to home

Need help with your subscription? Chat with us!

CoreAttend AI
Online — ready to help

Powered by AI. Responses may not always be accurate.