AgentShelf avoids customer data and keeps merchant catalog data scoped to product work.

Data we process

• Shop identity and installation state, including MyShopify domain and billing status.
• Product, variant, catalog, theme status, and merchant-provided product content needed to score, generate, review, publish, and monitor product guidance.
• Operational records such as webhook delivery hashes, job states, support requests, audit logs, and privacy request lifecycle records.

Data we avoid

AgentShelf is designed to avoid customer data by default. Shopify privacy webhook payloads are not stored raw. Customer email addresses from privacy webhooks are stored only as SHA-256 hashes when Shopify includes them.

How data is used

• To sync catalog data and identify missing product information.
• To generate source-backed buyer guidance for merchant review.
• To publish approved content to Shopify app-owned fields and storefront blocks.
• To monitor changed products, support merchants, maintain security, and satisfy Shopify compliance webhooks.

Retention and deletion

When a merchant uninstalls AgentShelf, the app revokes local token access and marks the shop as uninstalled. Shopify compliance webhooks for customer data requests, customer redaction, and shop redaction are verified, deduped, and recorded without retaining raw private payloads.

Subprocessors

AgentShelf may use infrastructure, logging, queue, storage, and AI providers to operate the app. Product data sent to an AI provider is limited to the fields needed for the selected product guidance workflow.