Checkout AI: B2B Checkout

Privacy Policy

Effective July 6, 2026 · Smith Crafts LLC

Checkout AI: B2B Checkout (the “App”) is a Shopify app provided by Smith Crafts LLC (“we”, “us”). This policy explains what data the App accesses, why, and how we handle it. The App is an admin tool for authoring B2B checkout rules that run inside Shopify’s Functions runtime. We do not inject scripts or trackers into your storefront, and we do not store your customers’ names, postal addresses, email addresses, phone numbers, or payment details.

What we store today

Revenue Leak Finder — data processing on Platinum (activates only after Shopify PCD approval)

Our forthcoming Platinum tier (“Concierge in the Product”) includes a feature called Revenue Leak Finder, which reviews completed orders against the checkout rules you have published to detect rules that failed to apply, discount stacks that leaked revenue, and rules that no longer match any orders. This feature does not turn on automatically. It activates for your shop only when both of the following are true:

When both apply, the App will process order data as described below. Until then, no order data reaches our servers.

What we do not do

Sub-processors

How data is protected

Data retention & deletion

We retain installation, session, and rule data while the App is installed. When you uninstall, Shopify sends the App’s app/uninstalled webhook and we delete the shop’s Session rows immediately (including the merchant-staff fields listed above). About 48 hours later Shopify sends the mandatory shop/redact webhook, at which point we delete all remaining app-database records for the shop: AI rule drafts, support submissions, order-telemetry rows, AI usage counters, review-prompt state, and — once Platinum is active — order-audit snapshots, rule configuration versions, leak findings, and alert-delivery records.

When Shopify sends a customers/redact webhook, we delete any order-telemetry or order-audit-snapshot rows for the redacted customer’s orders identified in the payload.

When Shopify sends a customers/data_request webhook, the App responds with an inventory of the categories of data it may hold that reference a customer’s orders. Because the App never stores customer names, addresses, emails, or phone numbers, that inventory contains order-referenced records only. You may also email us at the address below to request deletion or a copy of the data we hold for your shop.

Your rights

Depending on your jurisdiction (including the EU/UK GDPR and the California CCPA/CPRA), you may have rights to access, correct, port, or delete data we hold that relates to you. Merchants can exercise these rights via the Shopify privacy webhooks described above or by emailing [email protected]. We respond within the timeframes required by applicable law. End customers of a merchant’s store should direct requests to the merchant, who is the data controller for their store’s customer data; we act as a processor on the merchant’s behalf.

International transfers

The App is operated from the United States. If you access it from elsewhere, your data may be transferred to and processed in the U.S. under the safeguards required by applicable law.

Changes

We may update this policy; material changes will be reflected by the effective date above and, where features that change data handling are added, in a same-release update. Continued use of the App after an update constitutes acceptance of the revised policy.

Contact

Smith Crafts LLC · Data-protection contact: [email protected].