Data Privacy and GDPR
Last updated: June 2026
Ask AI Data Connector acts as a data processor on behalf of merchants who use our service. This page explains how we handle data, where it is stored, and what rights apply.
What data does Ask AI process?
When you connect your Shopify store, we synchronise the following data to power your analytics:
- Order data — order IDs, revenue, line items, financial and fulfilment status
- Customer data — names, email addresses, billing and shipping countries, order history
- Product data — titles, SKUs, inventory levels, prices
- Traffic data — session counts, pageviews, conversion events (from Shopify TrafficStat and, if connected, Google Analytics)
- Third-party source data — metrics from any additional sources you connect (Google Ads, Klaviyo, Gorgias, Triple Whale, etc.)
We do not process payment card data. Payment processing is handled entirely by Shopify and your payment provider.
Where is data stored and processed?
Your synchronised data is stored on servers located in London, United Kingdom. The UK has received an EU adequacy decision, meaning this is treated as equivalent to processing within the European Economic Area for GDPR purposes.
AI query processing
When you ask a question in the AI assistant, the relevant business metrics for that query are sent to Anthropic (United States) for processing by their Claude AI model. Anthropic operates under Standard Contractual Clauses for EU/EEA data transfers. The data sent to Anthropic consists of aggregated business metrics. Raw customer PII (individual names, email addresses) is not included in AI queries.
Sub-processors
We use the following sub-processors to deliver our service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Fly.io | Application hosting and database storage | London, UK |
| Anthropic | AI query processing | United States (SCCs in place) |
| Resend | Transactional email (reports, notifications) | United States (SCCs in place) |
| Google LLC | Analytics and Search Console data retrieval | United States (SCCs in place) |
We will notify customers of any material changes to our sub-processors with reasonable advance notice.
Legal basis for processing
We process data under Article 6(1)(b) GDPR — processing is necessary for the performance of the contract between you (the merchant) and Ask AI. When you connect your store and data sources, you instruct us to retrieve and process that data to provide the analytics service.
Data retention
We retain your synchronised data for as long as your account is active. When you close your account, all data associated with your account is permanently deleted within 30 days of closure.
If you require earlier deletion, contact us at privacy@ask-ai-data-connector.co.uk and we will action it within 7 days.
Deleting your data
You can request deletion of all data associated with your account at any time by emailing privacy@ask-ai-data-connector.co.uk. We will confirm deletion within 30 days.
Individual customer records can also be deleted on request in accordance with your obligations as a data controller. Contact us with the specific customer identifier and we will remove their data from our systems.
Security
- All data in transit is encrypted using TLS 1.2 or higher
- All data at rest is encrypted at the storage level
- Access to production data is restricted to authorised personnel only
Data breaches
In the event of a data breach affecting your data, we will notify you without undue delay and within 72 hours of becoming aware of the breach, in line with Article 33 GDPR. Our notification will include the nature of the breach, the categories of data affected, likely consequences, and the measures we are taking.
Contact
For data privacy questions, subject access requests, or deletion requests:
Email: privacy@ask-ai-data-connector.co.uk
Data Controller (for your customers’ data): You, the merchant
Data Processor: Ask AI Data Connector