Privacy Policy

When you install Arya on your Shopify store, we collect and store:

• Your Shopify store domain and OAuth access token (to read orders and customers on your behalf)
• Customer email addresses from support tickets submitted to your store
• Support ticket content — email subjects and message bodies
• Your account email address and organisation name

Arya supports two billing paths depending on how you signed up:

• Shopify App Store install — billing runs through the Shopify Billing API and appears on your Shopify invoice. Card data is held by Shopify, never by Arya.
• Web signup at aryasupport.com — billing runs through Stripe. Card data is held by Stripe, never by Arya.

In both cases, we receive only a subscription identifier, plan name, and status — never credit card numbers.

We use the data we collect exclusively to provide the Arya service:

• Generating AI-drafted replies to your customers' support emails
• Displaying your customers' Shopify order history to your support agents
• Processing exchanges and refunds on your behalf via the Shopify API
• Computing analytics shown in your Arya dashboard

We do not use your data to train AI models or share it with third parties.

All data is stored in a PostgreSQL database hosted by Supabase on EU infrastructure. Your Shopify access token is encrypted at rest. Access to your data is restricted by row-level security policies — your data is never accessible to other Arya users.

We do not sell, rent, or share your data with any third party, except as required to provide the service (Supabase for storage, Anthropic for AI draft generation, Shopify Billing or Stripe for billing depending on your signup path, Resend for transactional email).

Arya uses Anthropic's Claude models to generate suggested replies and classify tickets. When an AI draft is generated, the relevant ticket context (subject, customer message, relevant Shopify order context, and your playbook rules) is sent to Anthropic's API.

Anthropic processes this content as a subprocessor under Anthropic's standard commercial API terms. Under these terms, your content is not used to train Anthropic's models and is retained only briefly for safety and abuse monitoring (typically up to 30 days) before being deleted. No customer payment or credential data is ever sent to Anthropic.

When you install Arya, we store your Shopify store domain and access token to read order and customer data on your behalf. We request only the scopes necessary to provide the service: reading orders, fulfillments, customers, and products; writing customer records and order edits.

When you uninstall Arya, your Shopify access token is immediately revoked. Forty-eight hours after uninstallation, all customer personal data is permanently anonymised: customer email addresses are replaced with a placeholder, support message content is redacted, and any attached files are permanently deleted.

If one of your end-customers submits a data access or deletion request, you can forward it to us at privacy@aryasupport.com. We will respond within 30 days.

Upon a verified deletion request, we anonymise all support ticket records associated with the customer's email address, including redacting the content of support messages and deleting any attached files. Ticket metadata (dates, status, tags) is retained as the merchant's legitimate business records.

We retain your data for as long as your Arya account is active. If you close your account, we will delete your personal data within 90 days, subject to any legal obligations that require us to retain it longer.

Support message content is retained for active accounts to allow merchants to reference historical conversations. It is anonymised upon a GDPR deletion request or when the associated Shopify store uninstalls Arya. Ticket metadata (dates, status, tags) may be retained indefinitely. Merchants may request deletion of specific records by contacting us.

For privacy-related questions or requests, contact us at privacy@aryasupport.com.

For general support, visit your Arya dashboard or email support@aryasupport.com.