After Hours Privacy Policy

Last updated: 02/12/2025

This Privacy Policy explains how After Hours (“we”, “us”, “our”) collects, uses, and protects personal information when merchants install the app and when customers interact with the AI assistant on a Shopify storefront.

We are committed to complying with the UK GDPR, EU GDPR, and other applicable data protection laws. By installing After Hours or interacting with the AI assistant, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Merchant Information

When a Shopify merchant installs After Hours, we receive and store:

  • Store name and store URL
  • Shopify email address and contact details
  • API access scopes and authentication tokens
  • Store settings, policies, FAQs, and published content
  • Product, collection, inventory, and order information (read-only unless otherwise authorized)

We only request the minimum scopes required for the app to function.

1.2 Customer Information

When a customer interacts with the AI assistant on a merchant’s storefront, we may process:

  • Chat messages and questions asked
  • Product and page views related to the conversation
  • Cart details (add/update requests)
  • Order lookup requests (such as email and order number)
  • Metadata such as browser type, device type, and approximate location (country-level)

We do not require or intentionally store sensitive personal data unless the customer voluntarily provides it.

1.3 Automatically Collected Information

Our servers may log:

  • IP address (anonymised or truncated where required)
  • Time of access
  • Browser and user agent details
  • Error logs and diagnostic information

This information is used strictly for security, analytics, and improving service reliability.

2. How We Use Information

We use the information we collect to:

  • Provide automated AI responses to customer questions
  • Help customers find FAQs, policies, and product information
  • Assist customers with cart updates and add-to-cart actions
  • Support merchants with insights and service improvement
  • Authenticate the app and maintain secure connections to Shopify
  • Diagnose performance issues and prevent abuse
  • Train and improve our models where permitted (see Section 5)

We never sell personal data.

3. How After Hours Works With AI

After Hours uses AI models to generate responses based on:

  • Store content (FAQs, policies, product data)
  • Customer questions
  • Historical conversations (if the merchant opts in)

3.1 AI Safety & Privacy Measures

  • Customer data is processed only to generate responses.
  • We apply automated filters to reduce personal information during processing where possible.
  • AI outputs are logged for debugging only when needed and are not used to personally identify individuals.
  • Merchants may request deletion of chat logs at any time.

4. Sharing Information With Third Parties

4.1 Shopify

To perform app functions, Shopify may receive standard operational data in accordance with Shopify’s own privacy policy.

4.2 AI Model Providers

To generate AI responses, anonymised or partial conversation data may be sent to trusted AI compute providers such as:

  • OpenAI
  • Anthropic
  • Google Cloud AI
  • AWS or similar hosting providers

We do not send full order data, payment data, or sensitive customer information to AI providers.

4.3 Service Providers

Third-party service providers may assist us with hosting, logging, analytics, and security. All providers are contractually required to protect personal data and use it only for the services they provide to us.

5. Data Retention

  • Chat logs: retained for up to 30 days, unless the merchant disables logging or requests earlier deletion.
  • Merchant store data: retained while the app is installed and deleted within 30 days of uninstallation.
  • Diagnostic logs: retained for up to 90 days for security and troubleshooting.

We do not keep personal data longer than necessary for the purposes described in this policy.

6. Data Security

We use industry-standard safeguards to protect your data, including:

  • HTTPS encryption for data in transit
  • Encrypted tokens and API keys
  • Access control and permission restrictions
  • Regular monitoring and security reviews

No method of transmission or storage is completely secure, but we take all reasonable steps to protect personal information.

7. Children’s Privacy

After Hours is not intended for children under the age of 13. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

8. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of your personal data
  • Object to or restrict certain types of processing
  • Withdraw consent where processing is based on consent
  • Request a copy of your data in a portable format

For merchant data, please contact us using the details in Section 12. For customer data, please contact the Shopify store owner (the data controller) first, as we process customer data on their behalf.

9. Merchant Responsibilities

Merchants installing After Hours agree to:

  • Inform their customers that an AI assistant is being used on the storefront where required
  • Ensure their own privacy policy reflects the use of After Hours as a processor
  • Ensure they have a lawful basis to process customer data and to share relevant data with After Hours for the purposes described in this policy

10. International Data Transfers

Data may be processed in the UK, EU, US, or other countries where our infrastructure or sub-processors operate. Where required, we rely on:

  • Standard Contractual Clauses (SCCs)
  • The UK Addendum to the SCCs
  • Applicable adequacy decisions or similar mechanisms

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, or operational needs. Updates will be posted on this page with a revised “Last updated” date. Continued use of After Hours after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact:

On The Road Apps Ltd
Email: info@ontheroaduk.co.uk
Website: https://ontheroaduk.co.uk