Privacy Policy for Fluxley

Last Updated: October 23, 2025

Introduction

Fluxley ("we", "our", or "us") is a Shopify app that provides AI-powered price negotiation capabilities for online stores. This Privacy Policy explains how we collect, use, store, and protect information when you use our application.

We are committed to protecting your privacy and handling your data responsibly. This policy applies to merchants who install Fluxley and their customers who interact with our negotiation widget.

Information We Collect

1. Merchant Information

When you install Fluxley, we collect and store:

  • Shop Information: Your Shopify shop domain, shop owner name, email address, and user ID
  • Authentication Data: OAuth access tokens required to interact with your Shopify store
  • Account Details: First name, last name, account ownership status, locale preferences, email verification status
  • App Configuration: Your minimum and maximum discount percentage settings, product-specific negotiation settings
  • Subscription Data: Subscription status, billing information, commission rate (2.9% promotional or 4% standard), monthly usage charges, and billing period details

2. Customer Information

When your customers use the Fluxley negotiation widget:

  • Conversation Data: Messages exchanged during price negotiations (not stored by us - see "AI Processing" below)
  • Product Interaction: Product IDs, titles, and prices that customers negotiate on
  • Order Information: When a customer completes a purchase using a Fluxley discount code, we collect:
    • Order ID and order name
    • Customer email address (from the order)
    • Total order amount
    • Discount amount applied
    • Generated discount code used
  • Negotiation Outcomes: Whether negotiations resulted in a sale, discount percentages offered

3. Technical Information

  • Session Data: Server-side session management for merchant authentication
  • Webhook Data: Order creation events, app subscription updates, app uninstallation events

How We Use Your Information

Merchant Data

We use merchant information to:

  • Authenticate and authorize access to your Shopify store
  • Configure negotiation parameters (min/max discount percentages)
  • Process billing and calculate usage-based charges (commission on sales)
  • Display dashboard analytics showing negotiation performance
  • Provide customer support

Customer Data

We use customer information to:

  • Facilitate AI-powered price negotiations
  • Generate time-limited discount codes (24-hour expiration)
  • Track negotiation outcomes and conversion rates
  • Calculate commission charges for completed sales
  • Provide merchants with sales analytics

AI Processing

Customer conversation messages are sent to Anthropic's Claude AI API for processing price negotiations. Important notes:

  • Conversations are not stored by Fluxley or Anthropic
  • Each negotiation session sends the full conversation history to Claude for context
  • Messages are processed in real time and are stateless
  • Anthropic uses prompt caching for system instructions (ephemeral cache only)
  • No conversation data is retained after the negotiation session ends

Data Storage and Security

Where We Store Data

  1. Application Database (PostgreSQL in production, SQLite in development):
    • Merchant session tokens and authentication data
    • Subscription status and billing information
    • Commission rates and usage charges
  2. Shopify Metafields (stored within your Shopify store):
    • Sales records (up to 100 most recent sales)
    • Negotiation attempt records (up to 100 most recent)
    • Product-specific discount configuration
    • All metafield data is stored under the namespace "fluxley"
  3. Third-Party Services:
    • Anthropic Claude API: Processes conversations in real time (not stored)
    • Shopify APIs: All Shopify data accessed via official Admin API

Storage Limits

  • Maximum 100 sales records stored per shop
  • Maximum 100 negotiation records stored per shop
  • Discount codes expire after 24 hours
  • Metafield data is limited to 64KB per field

Security Measures

  • OAuth 2.0 authentication with Shopify
  • Secure access token storage in an encrypted database
  • Cryptographically secure discount code generation
  • Webhook request validation using Shopify signatures
  • Idempotency keys to prevent duplicate billing charges
  • Input validation and sanitization on all API endpoints

Data Sharing and Third Parties

We share data with the following third parties:

Anthropic (Claude AI)

  • Purpose: AI-powered price negotiation
  • Data Shared: Customer messages, product title and price, discount range limits, conversation history
  • Storage: Not stored - conversations are stateless
  • Privacy Policy: https://www.anthropic.com/privacy

Shopify

  • Purpose: App platform, billing, and merchant store integration
  • Data Shared: Usage charges, discount codes created, order webhooks
  • Privacy Policy: https://www.shopify.com/legal/privacy

We do not share your data with:

  • Analytics platforms
  • Advertising networks
  • Marketing services
  • Any other third parties not listed above

Data Retention

Automatic Deletion

  • Conversation History: Not stored (processed in real time only)
  • Discount Codes: Expire after 24 hours
  • Session Data: Deleted when you uninstall the app

Indefinite Retention (Until App Uninstall)

  • Sales records (capped at 100 most recent)
  • Negotiation attempt records (capped at 100 most recent)
  • Subscription and billing information
  • Product configuration settings

App Uninstallation

When you uninstall Fluxley:

  • All session tokens are immediately deleted from our database
  • Subscription records are marked as inactive
  • Metafield data remains in your Shopify store (under your control)
  • You can manually delete metafields through Shopify admin if desired

Your Data Rights

As a Merchant

You have the right to:

  • Access: View all data we store about your shop through the Fluxley dashboard
  • Correct: Update your discount settings and configuration at any time
  • Delete: Uninstall the app to remove all session and authentication data
  • Export: Access sales and negotiation data through your Shopify metafields
  • Opt-Out: Stop data collection by uninstalling the app or disabling negotiation on specific products

As a Customer

Customers have the right to:

  • Access: Request what personal data was collected during negotiations
  • Delete: Request deletion of negotiation records and email addresses
  • Opt-Out: Choose not to use the negotiation feature

Customer data requests should be directed to the merchant, who can then contact us for assistance.

Compliance with Privacy Laws

GDPR (European Union)

For merchants and customers in the EU:

  • We process data based on legitimate business interests and contractual necessity
  • You have the right to data portability, erasure, and restriction of processing
  • We comply with mandatory GDPR webhooks for data deletion requests
  • International data transfers to Anthropic (US-based) are subject to standard contractual clauses

CCPA (California)

For California residents:

  • We do not sell personal information
  • You have the right to know what personal information is collected
  • You have the right to request deletion of personal information
  • You have the right to opt out of the sale of personal information (we do not sell data)

Shopify Mandatory Compliance Webhooks

We subscribe to Shopify's mandatory compliance webhooks:

  • customers/data_request: We will provide customer data within 30 days
  • customers/redact: We will delete customer data within 30 days
  • shop/redact: We will delete all shop data within 48 hours of uninstallation

Note: Currently, Fluxley stores minimal customer data (email addresses from completed orders). Most customer interaction data (conversations) is not stored.

Cookies and Tracking

Fluxley does not use cookies or tracking technologies.

  • No browser cookies are set
  • No localStorage or sessionStorage is used
  • No third-party analytics or tracking scripts
  • All session management is server-side

Children's Privacy

Fluxley is not intended for use by individuals under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • The "Last Updated" date at the top will be revised
  • Merchants will be notified of material changes via email
  • Continued use of Fluxley after changes constitutes acceptance

We encourage you to review this policy periodically.

Data Breach Notification

In the event of a data breach that affects your information:

  • We will notify affected merchants within 72 hours
  • Notification will include the nature of the breach, data affected, and remediation steps
  • We will comply with all applicable breach notification laws

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]
Mailing Address: 6545 Market Avenue N., Suite 100, North Canton, Ohio 44721

For data deletion requests or privacy-related inquiries, please include:

  • Your Shopify shop domain
  • Detailed description of your request
  • Any relevant order numbers or dates

We will respond to all requests within 30 days.

Shopify App Store Listing

This privacy policy is provided in compliance with Shopify's App Store requirements. For questions about Shopify's handling of your data, please see Shopify's privacy policy at https://www.shopify.com/legal/privacy.


By installing and using Fluxley, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.