Legal

Privacy Policy

Effective Date: January 1, 2026

1. Who We Are

EditMuse is operated by EditMuse Ltd, a company registered in England and Wales. We provide an AI shopping concierge application for Shopify merchants ("App" or "Service").

Data Controller Contact:
EditMuse Ltd
Email: privacy@editmuse.ai

2. What Information We May Collect

The information we collect depends on how you interact with EditMuse and which features merchants enable in their stores.

2.1 Merchant Account & Installation Data

When merchants install EditMuse from the Shopify App Store, we receive:

  • Shopify store identifier and domain
  • Merchant contact information (name, email) as provided by Shopify
  • Store locale and currency settings
  • Billing information (managed through Shopify's billing system)

2.2 Shop-Level App Data

To provide the Service, we access:

  • Product catalog data (titles, descriptions, attributes, images, prices)
  • Collection and tag information
  • App configuration settings created by the merchant

2.3 Anonymous Session & Activity Data

When shoppers interact with EditMuse on a merchant's store, we collect anonymous session data:

  • Queries and inputs provided during discovery flows
  • Products viewed and recommended
  • Session timing and flow progression
  • Device type and browser information (anonymized)

Important: The core concierge operation does not require or collect shopper personal identity information (such as name, email, or account details). Shoppers can use EditMuse without logging in or providing personal information.

2.4 Optional Analytics & Marketing Integrations

Merchants may enable optional integrations to send anonymous event data to their existing analytics and marketing platforms. When enabled:

  • Anonymous session events (searches, recommendations, clicks) may be transmitted
  • Events carry context identifiers configured by the merchant
  • No additional personal data is collected or shared beyond what the merchant configures

3. How We Use Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process product recommendations for shoppers
  • Generate analytics and usage reports for merchants
  • Communicate with merchants about their account and the Service
  • Comply with legal obligations
  • Detect and prevent fraud or abuse

4. How We Share Information

We may share information with:

  • Service Providers: Third-party vendors who assist in operating the Service, including hosting, database storage, application runtime, email delivery, customer support tooling, error and performance monitoring, and AI-based processing. They may process data in the United Kingdom, the United States, and other countries where they operate. These providers are bound by confidentiality obligations. A list of sub-processors is available on request from privacy@editmuse.ai; we may also publish an updated list on our website from time to time.
  • Shopify: Data is processed as part of operating a Shopify app per Shopify's Privacy Policy and platform terms for app operation and billing.
  • AI Inference Provider: Shopper queries and product-related text may be sent to an AI provider (currently OpenAI) for inference to generate product recommendations. This processing is subject to the provider's API data usage policies. See OpenAI's Enterprise Privacy for details on how API data is handled. No shopper personal identity is included in these requests.
  • Merchant-Configured Integrations: When merchants enable integrations, anonymous event data is shared with the configured platforms (e.g. Klaviyo, Google Analytics 4, Meta Pixel).
  • Legal Requirements: When required by law, court order, or to protect our rights and safety.

We do not sell personal information to third parties.

5. Cookies & Similar Technologies

EditMuse may use cookies or local storage to maintain session state during shopper interactions. These are functional in nature and do not track users across websites.

Merchant stores may have their own cookie policies which govern their broader site behavior.

6. Data Retention

How long we keep information depends on the type of data and our need to run the Service, meet legal obligations, and protect against abuse.

Merchant and Store Account Data

We retain merchant account and store-related information for as long as the EditMuse app is installed on the store or we otherwise have an ongoing relationship with the merchant, and for a period afterwards where we have a legitimate need (for example billing queries, dispute handling, security, and legal requirements). Uninstalling the app does not automatically delete all information we hold in connection with that store; some records may be retained where needed to operate legitimate business functions (for example preventing abuse or preserving billing-related context). Merchants may contact us to request deletion as described in Your Privacy Rights below, subject to legal and legitimate retention needs.

Shopper Session and Usage Data

Where we process session or activity data in connection with the concierge (typically without shopper login), we retain it for as long as needed to provide analytics and improve the Service, unless a shorter retention period applies following a valid deletion request or merchant uninstall handling where we delete or anonymise such data as part of an agreed process. We do not commit to a single fixed number of days for all session records on this page; if we publish specific schedules (for example automated deletion after a stated period), we will update this policy accordingly.

Product and Catalogue-Related Data

Product information is accessed from Shopify to operate recommendations. We may cache or store limited catalogue-related material to make the Service efficient and accurate. Such information may be refreshed while the app is used and is not necessarily deleted in full immediately when the app is uninstalled. Merchants may contact us about deletion requests as described below.

Logs and Diagnostics

Our hosting and reliability providers may retain application logs for a limited period (for example, up to seven days on our current hosting plan). Our error monitoring provider retains diagnostic events for a limited period (typically on the order of 30 days under our current plan). These periods may change if we change providers or plans.

Email and Support

If you email us or use support tools, messages may be retained according to the retention practices of our email and support providers and for as long as we need to handle your request.

7. Security

We implement industry-standard security measures to protect data, including:

  • Encryption in transit (TLS) and at rest
  • Access controls and authentication
  • Regular security assessments
  • Secure development practices

While we strive to protect your information, no system is completely secure. We cannot guarantee absolute security.

8. Your Privacy Rights

Depending on your location, you may have rights regarding your personal data, including:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of your data
  • Data portability
  • Objection to processing
  • Withdrawal of consent

For Merchants: Contact us at privacy@editmuse.ai to exercise your rights.

For Shoppers: Since we do not collect personal identity information through normal concierge operation, most privacy requests should be directed to the merchant whose store you visited. If you believe we have data about you, contact us at privacy@editmuse.ai.

9. International Data Transfers

EditMuse is based in the United Kingdom. Data may be transferred to, stored, and processed in the United States and other countries where our service providers operate. This includes infrastructure hosting, AI inference processing, and error monitoring services.

Where personal data is transferred outside the UK, we implement appropriate safeguards required by applicable law, including standard contractual clauses and the UK International Data Transfer Agreement (UK IDTA) or addendum as appropriate.

10. Children's Privacy

EditMuse is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or in-app notification. The "Effective Date" at the top indicates when this policy was last revised.

12. Contact Us

For privacy-related questions, requests, or concerns:

Email: privacy@editmuse.ai
Or use our contact form.