1. Overview
Trooix ("Trooix", "we", "us") operates
app.trooix.com (the "Service") — an AI-powered platform that builds,
deploys, and maintains custom Shopify apps on behalf of Shopify merchants.
This Privacy Policy explains what information we collect when you install and use Trooix,
how we use it, and what choices you have. By installing or using Trooix, you agree to the
practices described here.
2. Data We Collect
We collect the following categories of data:
a) Shop and authentication data
- Your Shopify store domain (e.g. your-store.myshopify.com)
- Shopify OAuth access token — required to call the Shopify Admin API on your behalf
- Store owner name and email address (provided by Shopify during OAuth)
- Shopify plan and store currency
b) App configuration and project data
- Natural language descriptions you provide when requesting an app ("prompts")
- Project settings, preferences, and feedback you submit through the dashboard
- Build logs, test results, and deployment records generated by the Service
c) Shopify store data accessed via API
Depending on the app Trooix builds for you, the Service may read and/or write data from
your Shopify store through the Admin API. The specific data accessed depends on the scopes
granted during installation and the features of the app being built. Typical categories
include:
- Products, variants, and inventory
- Orders and fulfillments
- Customer records (non-PII aggregates unless you explicitly request features requiring PII access)
- Store analytics and reporting
We access only the data necessary to build and operate the app you requested. We do not
sell, share, or aggregate your store data for advertising or marketing purposes.
d) Usage and technical data
- Dashboard activity (pages visited, features used, session duration)
- Browser type and operating system
- IP address
- Error logs and performance metrics
3. How We Use Your Data
- Build your app — We use your prompt and store context to plan, write, test, and deploy your custom Shopify app.
- Maintain and update your app — We use your store data and build history to keep your app running and to apply updates when Shopify changes its API.
- Operate the dashboard — We use authentication data to let you log in, view build progress, and manage your projects.
- Send operational notifications — If you configure a Telegram or Discord bot, we send build status messages, alerts, and update approvals through that channel.
- Improve the Service — Anonymised, aggregated usage data helps us understand how Trooix performs and where it can be improved. We do not use your store-specific data for this purpose without your consent.
- Comply with legal obligations — We may process data to meet applicable laws, regulations, and Shopify Partner requirements.
4. AI Processing and Third-Party Providers
Trooix uses large language models (LLMs) to plan, write, and review code for your app.
Your prompts and relevant store context (product names, order structure, etc.) may be sent
to one or more of the following AI providers:
We use these providers under API agreements that prohibit them from training on your data
or sharing it with third parties. Prompts sent to AI providers are the minimum necessary to
complete the task — we do not include sensitive customer PII (names, email addresses, phone
numbers) unless required by a specific feature you have explicitly requested.
5. Data Sharing and Disclosure
We do not sell your personal data. We share data only in the following circumstances:
- AI providers — as described in Section 4, solely to build and maintain your app.
- Infrastructure providers — cloud hosting, database, and CDN providers that process data on our behalf under data processing agreements (e.g. AWS, Render, Cloudflare).
- Analytics — anonymised event data may be sent to Mixpanel to measure feature usage. No store-specific or personal data is included.
- Legal requirements — we may disclose data if required by law, court order, or to protect the rights and safety of Trooix, its users, or the public.
- Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
6. Data Retention
We retain your data for as long as your Trooix account is active or as needed to provide
the Service. Specifically:
- Shop access tokens — retained until you uninstall Trooix from your Shopify store. On uninstall, we delete your access token from our systems within 48 hours.
- Project and build data — retained for the lifetime of your account plus 90 days after account closure, then permanently deleted.
- Conversation and prompt history — retained for the lifetime of your project to allow Trooix to provide consistent, contextual assistance.
- Usage logs — retained for up to 12 months for security and diagnostic purposes.
You may request earlier deletion of your data at any time by contacting us (see Section 13).
7. Security
We implement technical and organisational measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls limiting data access to authorised personnel only
- Regular security reviews of code and infrastructure
- Shopify access tokens stored as encrypted secrets, never in plaintext logs
No system is completely secure. If you believe your data has been compromised, please
contact us immediately at trooix.com@gmail.com.
8. Merchant and User Rights
Depending on your location, you may have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request that inaccurate data be corrected
- Deletion — request that your data be deleted ("right to be forgotten")
- Portability — request your data in a machine-readable format
- Objection — object to certain types of processing (e.g. analytics)
- Restriction — request that we limit how we process your data
To exercise any of these rights, email us at
trooix.com@gmail.com. We will respond within
30 days. We may need to verify your identity before fulfilling a request.
California residents (CCPA): You have the right to know what personal
information we collect, the right to delete it, and the right to opt out of its sale.
We do not sell personal information.
EEA / UK residents (GDPR): Our lawful basis for processing your data is
contract performance (to provide the Service you requested) and legitimate interests
(to improve and secure the Service). For any data processing based on consent, you may
withdraw consent at any time.
9. Shopify-Specific Data Practices
Trooix is a Shopify app and adheres to the Shopify Partner Program Agreement
and Shopify API Terms of Service.
- We use Shopify API data solely to provide the Service to the merchant who granted access.
- We do not use Shopify store data for any purpose beyond building and maintaining your app.
- When you uninstall Trooix from your Shopify store, we receive a mandatory uninstall webhook and delete your OAuth access token within 48 hours.
- We do not share or sell your Shopify store data to any third party for marketing, advertising, or analytics purposes.
- Customer PII (names, emails, addresses) accessed through the Shopify API is used only when required by a feature you have explicitly requested, and is not retained beyond the immediate operation.
10. Cookies and Tracking
The Trooix dashboard (app.trooix.com) uses:
- Session cookies — to keep you logged in during a dashboard session. These are essential and cannot be disabled.
- Authentication cookies — a JWT stored as an HttpOnly, Secure, SameSite=None cookie, required for the Shopify Admin embedded app context.
The marketing site (trooix.com) does not use tracking cookies or
advertising pixels.
11. Children's Privacy
Trooix is a business-to-business service intended for Shopify merchants. We do not
knowingly collect personal data from children under the age of 16. If you believe a
minor has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we
will update the "Last updated" date at the top of this page and, where appropriate, notify
you via the dashboard or email. Your continued use of the Service after a policy update
constitutes acceptance of the updated terms.
If you have questions, requests, or concerns about this Privacy Policy or how we handle your data, please reach out: