Privacy Policy
Effective date: April 11, 2026
Tolvren ("we," "us," or "our") operates the Tolvren platform at app.tolvren.com and related services, including our Shopify app, browser extensions, chat widget, attribution pixel, and AI agents (collectively, the "Service"). This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding that data.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name, email address, and organization name (via Clerk, our authentication provider).
- Billing information (processed by our payment provider; we do not store full credit card numbers).
- Team member invitations and role assignments within your organization.
1.2 Shopify Store Data
When you connect your Shopify store, we access and store:
- Order data — order numbers, amounts, line items, financial status, fulfillment status, timestamps, discount codes, and refund records.
- Customer data — customer name, email address, phone number, and shipping/billing addresses as attached to orders.
- Product data — product titles, descriptions, images, prices, variants, and inventory levels.
- Tracking data — shipment tracking numbers, carrier names, and tracking URLs.
We do not access or store credit card numbers, payment methods, or any financial account credentials. All payment processing is handled by Shopify.
1.3 Meta (Facebook/Instagram) Ads Data
When you connect your Meta Ads account, we access:
- Campaign, ad set, and ad performance metrics (impressions, clicks, spend, conversions, ROAS).
- Ad creative media (images, videos, and carousel assets) for AI analysis.
- Ad copy, headlines, and call-to-action text.
- Audience targeting metadata (interests, demographics, custom audiences) at the ad set level.
We do not access your personal Facebook profile, Messenger conversations, or social graph.
1.4 Google Ads Data
When you connect your Google Ads account, we access:
- Campaign and ad group performance metrics (impressions, clicks, spend, conversions).
- Search keyword performance data.
- Ad creative text and display assets.
1.5 TikTok Ads Data
When you connect your TikTok Ads account, we access:
- Campaign and ad group performance metrics.
- Video ad creative assets for analysis.
- Audience and placement data at the ad group level.
1.6 Review Data
When you enable review intelligence, we collect product reviews from platforms you connect or authorize, including:
- Review text, star ratings, reviewer display names, and dates.
- Review photos and media attachments.
- Review source platform (e.g., Judge.me, Yotpo, Trustpilot, Google Reviews).
1.7 Website Visitor Data (Tolvren Signal Pixel)
If you install the Tolvren Signal attribution pixel on your storefront, we collect from your website visitors:
- Page views, product views, add-to-cart events, checkout events, and purchases.
- A persistent visitor identifier stored in a first-party cookie (_tolvren_vid, 1-year expiry).
- A session identifier (_tolvren_sid, per-session).
- UTM parameters, referrer URL, and platform click identifiers (e.g., fbclid, gclid, ttclid).
- Device type, screen size, timezone, user agent, and IP address.
- Consent signals (Google Consent Mode v2, Global Privacy Control).
We honor the Global Privacy Control (GPC) signal. When detected, we suppress non-essential tracking.
1.8 Support Interaction Data
When your customers contact support through Tolvren-powered channels (email, live chat widget, or phone):
- Email address, name, and message content are stored to manage support tickets.
- Phone calls are transcribed and stored for AI-assisted responses.
- Live chat conversations are stored for context continuity and quality assurance.
- Customer order history and return records are accessed to provide relevant support.
1.9 Competitive Intelligence Data
We collect publicly available information about competitor brands you identify, including:
- Ad creatives from the Meta Ad Library (public data).
- Public landing page content and offers.
- Public product reviews and ratings.
2. How We Use Your Information
- AI-Powered Creative Analysis — Ad creatives, performance data, and review content are analyzed by AI models to identify patterns, detect creative fatigue, and generate actionable insights.
- Concept Generation — Brand knowledge, product data, and creative performance patterns are used to generate new ad concepts and copy.
- Customer Support Automation — Customer profiles (name, email, order history, returns) are provided to AI models to generate draft support responses. Only data relevant to the specific ticket is included.
- Marketing Attribution — Pixel events and click identifiers are used to attribute conversions to marketing campaigns, ad creatives, and channels using multiple attribution models (first-touch, last-touch, linear, Markov chain, Shapley value).
- Paid Media Management — Campaign performance data is analyzed to generate budget recommendations, audience suggestions, and creative rotation strategies.
- Review Intelligence — Product reviews are analyzed by AI to identify sentiment trends, product quality issues, and customer satisfaction patterns.
- Vector Embeddings — Creative assets, brand knowledge, and SOPs are converted into vector embeddings for semantic search and pattern matching. These embeddings are numerical representations and cannot be reverse-engineered into the original content.
- Email Delivery — Customer email addresses and response content are sent to our email provider to deliver support replies on your behalf.
- Analytics and Reporting — Order, product, and performance data are aggregated for dashboards, segmentation, and cross-agent intelligence.
- Platform Improvement — We use anonymized, aggregated usage patterns to improve our AI models and platform features. We do not use your data to train third-party AI models.
3. Data Sharing and Third Parties
We share data with the following service providers to operate the platform. We do not sell personal data to any third party.
| Service | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude) | Customer profiles, order context, support messages, creative text, review content | AI-generated support drafts, creative analysis, review intelligence |
| OpenAI | Creative text, review content, brand knowledge | Embeddings, intent classification, pattern extraction |
| Clerk | Email, name, organization | Authentication and user management |
| SendGrid | Customer email, response text | Email delivery for support replies |
| Backblaze B2 | Creative assets, review photos, ad media | Secure cloud storage |
| Shopify | Order updates, fulfillment data | Store integration and webhook processing |
| Meta Platforms | Pixel events, conversion data | Conversions API (CAPI) and advertising attribution |
| | Campaign metrics (via API) | Ads performance sync |
| TikTok | Campaign metrics (via API) | Ads performance sync |
| Shippo | Tracking numbers, carrier names | Shipment status tracking |
| Retell.ai | Phone call audio/transcripts | Voice AI support |
| Hetzner Cloud | All platform data (hosting) | Infrastructure hosting (EU and US data centers) |
3.1 AI Data Processing
When we send data to AI providers (Anthropic and OpenAI), we use their API services. Per their data usage policies, data sent via API is not used to train their models. We send only the minimum data necessary for each specific task.
3.2 Legal Requirements
We may disclose personal data if required to do so by law, or in the good-faith belief that such action is necessary to comply with legal obligations, protect our rights or safety, or investigate fraud.
4. Data Retention
- Account data is retained while your account is active and for 30 days after cancellation.
- Order and customer data is retained while your Shopify connection is active. Upon disconnection, we stop syncing new data. Historical data is retained until you request deletion.
- Support tickets and conversations are retained as business records while your account is active.
- Pixel tracking events are retained for attribution and analytics purposes while the pixel is active.
- Ad creative media is retained while the connected ad account is active.
- Vector embeddings are retained while the source data exists and deleted when the underlying content is removed.
- AI-generated content (analyses, concepts, drafts) is retained while your account is active.
After account deletion, all organization data is permanently removed within 30 days, except where retention is required by law (e.g., financial records).
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit — All data transmitted between your browser, our servers, and third-party services uses TLS 1.2 or higher.
- Encryption at rest — Database storage is encrypted. API tokens and credentials are encrypted using Fernet symmetric encryption.
- Tenant isolation — PostgreSQL Row-Level Security (RLS) ensures complete data isolation between organizations. No organization can access another's data, even in the event of an application-level bug.
- Webhook verification — All incoming webhooks from Shopify and other platforms are verified using HMAC-SHA256 signatures.
- Role-based access control — Team members have role-based permissions within their organization.
- Infrastructure security — Servers are hosted on private networks with firewall rules restricting access. Database servers are not exposed to the public internet.
- Minimal privilege — Application database connections use restricted roles with row-level security enforcement. Administrative access requires separate credentials.
6. Your Rights
6.1 Rights Under GDPR (European Economic Area)
If you are located in the EEA, you have the following rights under the General Data Protection Regulation:
- Right of access — Request a copy of the personal data we hold about you.
- Right to rectification — Request correction of inaccurate or incomplete data.
- Right to erasure — Request deletion of your personal data ("right to be forgotten").
- Right to restrict processing — Request that we limit how we use your data.
- Right to data portability — Receive your data in a structured, machine-readable format.
- Right to object — Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent — Where processing is based on consent, withdraw it at any time.
Our legal basis for processing personal data is: (a) performance of the contract (providing the Service), (b) legitimate interests (improving the Service, preventing fraud), and (c) consent (where specifically obtained, e.g., marketing communications).
6.2 Rights Under CCPA (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know — Request disclosure of the categories and specific pieces of personal information we collect.
- Right to delete — Request deletion of personal information we have collected.
- Right to non-discrimination — We will not discriminate against you for exercising your rights.
- Right to opt out of sale — We do not sell personal information. No opt-out is necessary.
6.3 Exercising Your Rights
To exercise any of these rights, contact us at privacy@tolvren.com. We will respond within 30 days (or sooner where required by law). We may need to verify your identity before processing your request.
7. Shopify-Specific Provisions
7.1 Shopify App Permissions
Our Shopify app requests only the permissions necessary to provide the Service. You can review and revoke these permissions at any time from your Shopify admin under Apps > App permissions.
7.2 GDPR Webhooks
We implement all mandatory Shopify GDPR webhooks:
- customers/data_request — When a customer requests their data, we compile and return all personal data we hold for that customer.
- customers/redact — When a customer requests deletion, we remove their personal data (name, email, phone, addresses) from all stored records. Order shells (amounts, dates, line items) are retained as required for financial compliance.
- shop/redact — When you uninstall our app, we delete all store data within 48 hours of receiving the webhook. This includes orders, customers, products, support tickets, creative analyses, and all associated data.
7.3 App Uninstall
When you uninstall the Tolvren Shopify app:
- All OAuth tokens are immediately revoked and deleted.
- Data syncing stops immediately.
- All store data is queued for deletion and removed within 48 hours.
- Vector embeddings associated with your store are deleted.
- You may request immediate deletion by contacting privacy@tolvren.com.
8. Cookie and Pixel Policy
8.1 Cookies on app.tolvren.com
The Tolvren dashboard uses cookies set by our authentication provider (Clerk) for session management. These are strictly necessary for the Service to function.
8.2 Tolvren Signal Attribution Pixel
If you install the Tolvren Signal pixel on your storefront, the following first-party cookies are set on your store's domain:
| Cookie | Purpose | Duration |
|---|---|---|
| _tolvren_vid | Persistent visitor identification for attribution | 1 year |
| _tolvren_sid | Session identification | Session |
| _tolvren_attr | Cached attribution parameters (UTM, click IDs) | 30 days |
8.3 Third-Party Cookies Read
The pixel reads (but does not set) third-party cookies for attribution correlation:
- _fbc, _fbp — Meta click and browser identifiers.
- _shopify_y — Shopify persistent visitor identifier.
8.4 Chat Widget
The Tolvren chat widget embedded on your storefront uses a Shadow DOM container and does not set any cookies. Session state is maintained in-memory for the duration of the chat session.
8.5 Consent and Opt-Out
The Tolvren Signal pixel respects Google Consent Mode v2. If your store uses a consent management platform, the pixel will honor denied consent by suppressing tracking cookies and limiting data collection to aggregated, non-identifying signals.
The pixel also respects the Global Privacy Control (GPC) browser signal. When GPC is detected, non-essential tracking is suppressed.
9. Children's Privacy
Tolvren is a business-to-business platform designed for use by e-commerce merchants and their teams. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal data, please contact us at privacy@tolvren.com and we will promptly delete it.
10. International Data Transfers
Your data may be processed in data centers located in the European Union and the United States. Where data is transferred outside your jurisdiction, we rely on appropriate safeguards, including standard contractual clauses and our service providers' compliance certifications, to ensure adequate protection.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. The "Effective date" at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Information
For privacy-related questions, data requests, or complaints:
- Email: privacy@tolvren.com
- General support: support@tolvren.com
- Website: app.tolvren.com
If you are in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.