Privacy Policy - Ultimate Contact Page

Last Updated: January 14, 2026

Overview

Ultimate Contact Page ("we", "our", or "the App") is committed to protecting the privacy of merchants and their customers. This Privacy Policy explains how we handle personal data when merchants use our App.

About Our App

Ultimate Contact Page is a Shopify app that provides a comprehensive customer support solution. The app allows customers to check their order status by entering their email and order number, browse frequently asked questions, and interact with an AI-powered chat assistant.

Data We Access

Protected Customer Data

Our app accesses the following protected customer data:

• Email address: Used solely to verify customer identity when checking order status
• Order information: Order number, status, and basic order details

Why We Need This Data

• Email: To authenticate customers and ensure they can only view their own order information
• Order data: To display order status to the authenticated customer

How We Use Data

Email Address Usage

• Purpose: Real-time verification only
• Storage: Email is NOT stored, logged, or retained
• Process: Email is used immediately for verification and then discarded
• Transmission: Encrypted via HTTPS/TLS

Order Information Usage

• Purpose: Display order status to authenticated customers
• Storage: We do not store order information; it's fetched in real-time from Shopify
• Access: Only accessible to the customer who owns the order (verified by email)

Data Minimization

We practice strict data minimization:

• ✅ We only access email (no name, phone, or address)
• ✅ We do not store customer email addresses
• ✅ We do not log customer information
• ✅ We fetch order data in real-time (no retention)
• ✅ We do not share data with third parties

Data We Store

The only data we store is:

1. Merchant Settings: App configuration (e.g., custom messages, colors, titles)
2. FAQ Content: Frequently asked questions created by merchants
3. AI Settings: AI assistant configuration and system prompts
4. Shopify Session Tokens: For app authentication with Shopify

We DO NOT store:

• Customer names
• Customer email addresses
• Customer phone numbers
• Customer addresses
• Payment information
• Chat conversation history (conversations are not stored)

Data Security

Encryption

• In Transit: All data transmission uses HTTPS/TLS encryption
• At Rest: Our database is encrypted by our hosting provider
• Backups: All backups are encrypted

Access Controls

• Only authorized personnel have access to merchant data
• Strong password requirements for all accounts
• Activity logging for security monitoring

Separation of Environments

• Test data is completely separate from production data
• Development stores use test data only

Data Retention

• Customer Email: Zero retention (not stored)
• Customer Orders: Zero retention (fetched in real-time)
• Chat Conversations: Zero retention (not stored)
• Merchant Settings: Retained while merchant uses the app
• FAQ Content: Retained while merchant uses the app

When a merchant uninstalls the app, all their settings, FAQs, and AI configurations are deleted within 30 days.

Data Sharing

We DO NOT:

• Sell customer data
• Share customer data with third parties
• Use customer data for marketing
• Use customer data for analytics
• Transfer customer data outside our secure infrastructure

The only data sharing is:

• Shopify API: To verify orders (part of normal app operation)
• OpenAI API: To provide AI chat functionality (conversations are sent to OpenAI but not stored by us)

Customer Rights

Customers have the right to:

• Access: View their order status
• Deletion: Request deletion of their data (though we don't store it)
• Opt-out: Not use our order lookup or AI chat features

Merchants have the right to:

• Access: View all data we store about their store
• Deletion: Uninstall the app to delete all their data
• Portability: Request export of their settings and FAQs

GDPR Compliance

We comply with GDPR requirements:

• ✅ Data minimization
• ✅ Purpose limitation
• ✅ Storage limitation (zero retention of personal data)
• ✅ Encryption and security
• ✅ Data subject rights
• ✅ Transparency

We provide the required GDPR webhooks:

• customers/data_request: Provide customer data
• customers/redact: Delete customer data
• shop/redact: Delete shop data

Changes to This Policy

We may update this Privacy Policy from time to time. Merchants will be notified of significant changes via email or through the app.

Data Breach Response

In the unlikely event of a data breach, we will:

1. Notify affected merchants within 72 hours
2. Notify Shopify immediately
3. Take immediate action to contain the breach
4. Investigate and document the incident
5. Implement measures to prevent future breaches

Contact Information

For privacy questions or concerns:

• Email: [Your Support Email]
• Privacy Officer: [Your Name/Team]
• Shopify Partners Dashboard: [Your Partner Link]

Merchant Responsibilities

Merchants using our app are responsible for:

• Ensuring their customers are informed about data processing
• Complying with applicable privacy laws in their jurisdiction
• Maintaining accurate privacy policies on their stores

Third-Party Services

We use the following third-party services:

• Shopify API: For order and customer verification
• OpenAI API: For AI chat functionality (GPT-4)
• Hosting Provider: Render (for app hosting)

All third-party services are GDPR-compliant and have appropriate data protection agreements.

Legal Basis for Processing

Under GDPR, our legal basis for processing personal data is:

• Legitimate Interest: Providing order status and customer support functionality to merchants and their customers
• Merchant Consent: Merchants consent to data processing by installing our app

Data Protection Officer

For data protection inquiries:

• Email: [Your Email]
• Response Time: Within 48 hours

---

By installing Ultimate Contact Page, merchants agree to this Privacy Policy and confirm they have informed their customers about data processing.

Last reviewed: January 14, 2026