Privacy Policy

Overview

Milly Software ("we", "our", or "us") provides Shopify applications including Milly Chat, an AI-powered shopping assistant, checkout customization and compliance apps, and inventory cost tools. This privacy policy explains how we collect, use, and protect information in connection with our applications and services.

Information We Collect

Milly Chat

• Shop Information: Your Shopify store domain and access token to authenticate API requests and sync your product catalog.
• Product Data: Product titles, descriptions, prices, images, variants, and metafields from your catalog to power AI-driven product search and recommendations.
• Conversation Data: Messages exchanged between your customers and the AI assistant, including search queries and product interactions. Conversations are associated with anonymous visitor IDs — we do not collect customer names, emails, or account information through the chat widget.
• Analytics Data: Widget interactions (opens, closes, clicks), search quality metrics, page URLs where the widget is displayed, device type, and session duration. This data is used to provide the analytics dashboard and improve the service.
• Order Data: Order line items (product titles, SKUs, quantities, prices) synced from Shopify to calculate sales metrics and power best-seller recommendations. We do not store customer names, addresses, or payment details from orders.
• Knowledge Base Content: Store policies, FAQs, and other content you provide for the AI to reference when answering customer questions.
• Configuration Settings: Widget branding, AI instructions, conditional rules, and other customization preferences.

CA Battery Fee

• Shop Information: Your Shopify store domain and access token to authenticate API requests.
• Configuration Settings: Your qualifying product collection, fee product, and applicable-state fee settings.

CA Battery Fee does not collect or store customer personal information, payment details, or analytics data.

Shipping Sorter

• Shop Information: Your Shopify store domain and access token to authenticate API requests.
• Configuration Settings: Your shipping-rate ordering, visibility, renaming, and conditional rules.

Shipping Sorter does not collect or store customer personal information, payment details, or analytics data.

Mattress Recycling Fee

• Shop Information: Your Shopify store domain and access token to authenticate API requests.
• Configuration Settings: Your qualifying product collection, fee products, per-state program toggles, and disclosure message template.
• Order Compliance Data: To verify that the statutory recycling fee was collected on every order — including express checkouts that can bypass checkout customizations — we process each new order's line items and shipping address. The shipping address is read transiently to determine the destination state and is not stored. We retain per order: order number, destination state code (e.g. "CA"), qualifying unit count, expected and collected fee amounts, order source, and order date. We do not store customer names, street addresses, emails, phone numbers, or payment details.

Landed Cost Receiving

• Shop Information: Your Shopify store domain and access token to authenticate API requests.
• Receiving Data: Received inventory transfer shipments from your store — shipment names and dates, and per-line product and variant titles, SKUs, accepted and rejected quantities, item weights, and unit costs at receiving time — to build each receipt in the app.
• Cost Inputs and History: The invoice extras you enter (freight, duty, brokerage, fees), your allocation drafts, and a cost-change ledger recording each item's previous and new cost per item so applies can be reviewed, exported, and undone.

Landed Cost Receiving works only with inventory and receiving data. It does not read orders, customers, or checkout, and does not collect or store any customer personal information.

How We Use Information

We use collected information to:

• Provide AI-powered product search and recommendations
• Generate analytics dashboards and performance metrics for merchants
• Enable conversation replay so merchants can review customer interactions
• Calculate best-seller rankings and product popularity metrics
• Authenticate API requests to your Shopify store
• Provide checkout customization functionality
• Verify statutory recycling fees on orders and tally monthly unit counts for merchant compliance reporting (Mattress Recycling Fee)
• Allocate invoice extras across received inventory and write accurate weighted-average unit costs back to your store (Landed Cost Receiving)
• Maintain and improve our services

Third-Party Services

To provide our services, we use the following third-party processors:

• Anthropic (Claude AI): Conversation messages are sent to Anthropic's API to generate AI responses. Anthropic does not use this data for model training. See Anthropic's Privacy Policy.
• OpenAI: Product data is processed to generate search embeddings (numerical representations for similarity search). OpenAI does not use API data for model training. See OpenAI's Privacy Policy.
• Stripe: Payment processing for subscription billing. We do not store payment card details. See Stripe's Privacy Policy.
• Shopify: Our applications integrate with Shopify's platform and APIs.

Data Storage and Security

Milly Chat data (products, conversations, analytics, orders) is stored in a PostgreSQL database hosted on Supabase with encryption at rest. Checkout app configurations, the Mattress Recycling Fee order compliance ledger, and Landed Cost Receiving receipts and cost history are stored in Google Cloud Firestore. All data transmission uses TLS encryption. Access is restricted to authorized systems only.

Data Sharing

We do not sell, trade, or otherwise transfer your information to third parties beyond the service providers listed above, which process data solely to provide our services.

Data Retention

We retain data while your subscription is active. Upon app uninstallation or account cancellation, all associated data (products, conversations, analytics, configurations) is deleted within 48 hours.

GDPR Compliance

Our applications comply with GDPR requirements. We provide the following data subject rights:

• Right to Access: Merchants can request a copy of their stored data.
• Right to Deletion: Merchants can request deletion of their data.
• Right to Rectification: Merchants can update their data at any time through the dashboard.

End customers (shoppers) can request deletion of their conversation data by contacting the merchant or by emailing us directly.

To exercise these rights, please contact us at [email protected].

Shopify-Specific Disclosures

Our applications are designed to work with Shopify's platform. We receive and handle data in accordance with Shopify's Privacy Policy and API Terms of Service.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

• Email: [email protected]
• Website: millysoftware.com