Effective Date: April 24, 2025

1. Introduction Generative Search ("we," "us," or "our") provides an AI‑powered product search solution for e‑commerce merchants via API and embedded front‑end components. We respect your privacy and are committed to protecting any information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect2.1 Information You Provide Directly

• Search Queries: Text entered or uploaded image data (base64‑encoded) used to generate search results.
• Shop Credentials: Your store domain identifier and API access tokens stored in our secure database to call Shopify APIs.

2.2 Information Collected Automatically

• Usage Data: Log data such as request timestamps, IP addresses, user agent strings, and error reports recorded in AWS CloudWatch or similar services.
• Analytics: Aggregate metrics on query volumes, latency, and feature usage to improve performance.

3. How We Use Your Information

• Service Delivery: To process search requests, fetch product details from Shopify, and return relevant results.
• Optimization & Improvement: To analyze usage patterns, optimize query parsing models, and enhance search relevance over time.
• Monitoring & Security: To detect and prevent abuse, troubleshoot issues, and secure our infrastructure.

4. Information Sharing

• Third‑Party Service Providers: We share necessary data (e.g., search terms, image URLs) with OpenAI for text and image analysis, and with AWS (DynamoDB, S3) for storage and processing.
• Shopify: We fetch product metadata via Shopify’s GraphQL API using your store’s access token.
• Legal Compliance: We may disclose information to comply with legal obligations or protect rights and safety.

5. Data Retention

• We retain your search queries, usage logs, and credential records for as long as your merchant account is active, plus up to one year thereafter for audit and analytics purposes. Deleted or revoked stores have their data purged within 30 days.

6. Security Measures

• We implement administrative, technical, and physical safeguards to protect your information, including encryption at rest (AES‑256) and in transit (TLS 1.2+), IAM‑restricted access, and routine security reviews.

7. Your Rights & Choices

• Access & Portability: You may request a copy of your personal data by contacting us.
• Correction & Deletion: You can correct or delete stored information by revoking your store’s integration or contacting support.
• Opt‑Out: You may opt‑out of analytics tracking by contacting us, although this may limit our ability to improve the service.

8. Children’s Privacy Our service is not directed to children under 13. We do not knowingly collect personal data from minors.

9. Changes to This Policy We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or portal announcements and update the “Effective Date.”

10. Contact Us If you have any questions or requests regarding this Privacy Policy, please email us at contact@rpm.nz.