Aevo AI Predictor — Shopify DTC Intelligence Engine
We primarily process order- and product-level data for AI predictive analytics. We follow a PII-minimization approach: core workflows do not rely on personal profile fields such as customer name or phone, and Shopify customer identifiers are used only when necessary for deduplication/cohorting. We never sell, rent, or share your data with third parties for marketing.
All data is stored in encrypted PostgreSQL databases hosted on Fly.io's secure infrastructure. Shopify access tokens are encrypted at rest using AES-256-GCM. AI inference services run on isolated Google Cloud Run containers with OIDC-authenticated service-to-service communication. All data in transit is encrypted via TLS 1.3.
Your order data undergoes feature engineering and is used to train proprietary machine learning models (XGBoost, LightGBM, Ridge). These models are used solely for generating predictions — customer lifetime value (LTV), churn probability, fraud risk scores, conversion rate analysis, and demand forecasting. Models are trained per-shop and are never shared across tenants. Raw customer email, phone, and fine-grained address fields are stripped before order feature snapshots are stored for model use. AI-powered insights are generated on-demand only, subject to monthly usage limits based on your plan.
Data retention varies by plan: Free — 30 days, Starter ($49/mo) — 90 days, Pro ($149/mo) — 365 days, Enterprise ($299/mo) — 730 days. Automated cleanup jobs enforce these windows across retained orders, orphan customer linkage rows, analytics buckets, and model artifacts. When you uninstall the app, associated data is deleted through the GDPR shop/redact flow, including model artifacts linked to your shop.
You may request deletion of all data related to your shop at any time. We support the following Shopify GDPR mandatory webhooks: (1) customers/data_request — export customer data, (2) customers/redact — delete specific customer records, (3) shop/redact — delete all shop data upon uninstallation. You can also contact us directly to request immediate data deletion.
Your data may be processed in the following regions: Fly.io US East (primary database), Google Cloud (AI inference via Cloud Run), and Google AI API (natural language processing). All inter-service transfers are encrypted via TLS 1.3 and authenticated via OIDC tokens and internal shared secrets. We comply with GDPR cross-border data transfer requirements.
Every database query is scoped to your shop's unique identifier. Shop A can never access Shop B's data. AI models are trained and stored per-tenant. Session tokens are encrypted per-shop. Rate limiting is applied per-shop to prevent abuse.
If you have any questions about this privacy policy, wish to exercise your data rights, or need to report a security concern, please contact us at: aevo@aevointelligence.ai