Alcemi ← Back to home

Privacy Policy

Last updated: 27 June 2026

This Privacy Policy explains how Alcemi ("Alcemi", "we", "us", or "our") collects, uses, shares, and protects personal data when you visit alcemi.ai, install or use our AI shopping agent for Shopify, or otherwise interact with our services (together, the "Services").

By using the Services you agree to the practices described here. If you do not agree, please do not use the Services.

1. Who we are

Alcemi provides an AI-powered shopping agent that merchants install on their Shopify stores to power product discovery, personalized consultations, and automated customer support. Alcemi is established in the European Union, and we store and process personal data primarily within the European Economic Area (EEA).

For the purposes of data protection law, Alcemi acts as a data controller for personal data collected through our marketing website and our direct relationships with merchants, and as a data processor for the merchant and shopper personal data we process on behalf of merchants who use our app, under their instructions and our data processing agreement with them.

2. Information we collect

2.1 Information we collect through Shopify's APIs

When a merchant installs the Alcemi app, we access store and customer data through Shopify's APIs, only with the merchant's authorization and only to the extent needed to provide the app. This includes:

This data is treated as Shopify protected customer data. We apply data minimization, request only the data fields required for the app's functionality, and handle it in line with Shopify's protected customer data requirements.

2.2 Information we collect directly from merchants

2.3 Information we collect from shoppers

We process shopper data on behalf of, and under the instructions of, the merchant operating the store. Shoppers should also review the merchant's own privacy policy.

2.4 Information we collect on our marketing website

3. How we use information

We do not sell personal data, and we do not use protected customer data for purposes beyond providing and improving the app's functionality to the merchant.

4. How AI is used

The agent generates responses using third-party large language models provided by Google (Gemini), acting as our sub-processor. Conversation content and the context needed to generate a response are sent to this provider solely to produce the agent's output. We do not permit our AI sub-processor to use this data to train its general-purpose models.

5. Legal bases for processing

Under the GDPR we rely on: performance of a contract (to deliver the Services to merchants), legitimate interests (to operate, secure, and improve the Services), consent (for certain cookies and marketing), and legal obligation (to meet regulatory requirements). Where we act as a processor for a merchant, the merchant is responsible for the legal basis for the underlying processing.

6. Cookies and analytics

On our marketing website we use cookies and similar technologies to run the site, remember preferences, and understand usage. We use Google Analytics to measure website traffic and engagement, which involves collection of usage and device data by Google. You can control cookies through your browser settings and, where shown, our consent controls. Disabling some cookies may affect functionality.

7. How we share information & sub-processors

We do not sell personal data. We share it only as follows:

All sub-processors are bound by confidentiality and data-processing terms.

8. Data subject requests and Shopify compliance webhooks

We honour data subject requests (such as access, correction, and deletion) for all individuals, regardless of location. As an app distributed through the Shopify App Store, we implement Shopify's mandatory compliance webhooks:

9. International data transfers

We store and process personal data primarily within the EEA. Where a sub-processor processes data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

10. Data retention

We retain merchant and shopper personal data for as long as the merchant uses the app. Following uninstall, store personal data is deleted in response to Shopify's shop/redact webhook (received 48 hours after uninstall), and individual customer data is deleted on receipt of a customers/redact request. We retain account, billing, and website data only as long as needed for the purposes described here or to meet legal obligations, after which we delete or anonymize it.

11. Data security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, or misuse, including encryption in transit and access controls. No method of transmission or storage is fully secure, so we cannot guarantee absolute security.

12. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data; to object to or restrict certain processing; and to withdraw consent. Residents of the EEA/UK (GDPR) and California (CCPA/CPRA), among others, have specific rights, including the right to lodge a complaint with a supervisory authority. To exercise any right, contact us using the details below; where we process data on a merchant's behalf, we will direct your request to that merchant. We respond as required by applicable law.

13. Children's privacy

The Services are not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

14. Third-party links

Our Services may link to third-party websites and tools that we do not control. Their privacy practices are governed by their own policies.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version here and update the "Last updated" date. Material changes may be communicated through the Services.

16. Contact us

For questions about this policy or your personal data, or to exercise your rights, contact us:

ControllerDžiugas Balčiūnas, conducting individual activity (individuali veikla) No. 1091771, Lithuania, trading as “Alcemi”
Emailhello@alcemi.ai
Websitealcemi.ai