Terminal Commerce Channel
Privacy Policy & Data-Retention Statement
Operator: Ensemble Ventures (Guillaume Racine), Montréal, Québec, Canada.
Contact: guillaume.racine.gr@gmail.com
Effective: 2026-06-18.
What this app does
Terminal Commerce Channel lets a merchant expose approved products to AI assistants that can search products and prepare a Shopify-hosted checkout. Payment always happens in Shopify checkout; the app never sees or processes payment details.
Data we process
From the merchant's store (with the merchant's authorization):
- Product catalog data (titles, prices, images, variants, availability) — to let agents discover eligible products.
- Order data, limited to non-PII fields (order number, status, totals, line items, and cart attribution attributes) — to attribute and report channel sales to the merchant.
- Per-shop API tokens (offline Admin token, Storefront token) — to operate the channel on the merchant's behalf.
We do NOT collect or store customer names, emails, phone numbers, addresses, payment instruments, or customer identifiers. These are redacted at the boundary, before display and before any logging or persistence.
How we use it
- Enable agent product discovery and cart preparation.
- Attribute resulting orders back to the agent session and report channel sales to the merchant.
- Operate, secure, and debug the service (redacted audit events only).
We do not sell data, use it for advertising, or share it except with subprocessors strictly necessary to run the service (hosting: Railway; database: PostgreSQL).
How we protect it
- API tokens encrypted at rest (AES-256-GCM) with key rotation.
- HTTPS in transit; server-side Admin/Storefront calls.
- Merchant-scoped, token-authenticated, rate-limited endpoints.
- PII redaction enforced and covered by automated tests.
Retention & deletion
- Order/attribution data is retained only as redacted, non-PII summaries for as long as the app is installed.
- On app uninstall, all per-shop data (tokens, sessions, evidence) is deleted.
- We honor Shopify's GDPR webhooks:
customers/data_request, customers/redact, shop/redact.
- Merchants may request deletion at any time via the contact email above.
Your rights
Depending on jurisdiction (GDPR / CCPA / PIPEDA), you have rights to access, correct, delete, or restrict processing. Send requests to the contact email above.
Changes
We'll post changes here and update the effective date.