Skip to content

Privacy policy.

Last updated
June 12, 2026
Applies to
Syrixia AI, all plans

1. Who this covers

This policy explains how Syrixia AI ("Syrixia", "we", "us") handles data for two groups: merchants who create accounts and connect stores, and shoppers who talk to the assistant on a merchant’s storefront. For shopper data, the merchant is the data controller and Syrixia processes that data on the merchant’s behalf.

2. What we collect

  • Store content. Products, prices, policies, pages, blog posts, and FAQs from stores a merchant connects. This is content the store already publishes.
  • Conversations. Messages between shoppers and the assistant, together with the page context the widget records to answer better, such as products viewed and cart contents when cart recovery is enabled.
  • Lead contact details. Names and email addresses that shoppers choose to leave, attached to the conversation they came from.
  • Merchant account data. Your email address and login credentials for the dashboard. Passwords are stored as salted hashes by our authentication provider, never in plain text.
  • Usage events. Widget opens, messages sent, product clicks, and similar counts per store, used for the analytics you see in your dashboard and for enforcing plan limits.

3. Order data and payments

When a shopper asks about their own order and gives the order number and the email used at checkout, Syrixia reads that order’s status from the connected store to answer them, and your dashboard can show a customer’s past orders for conversations you handle. We never see shopper payment details: card and payment data stay with the store platform and its payment processor, and checkout happens there, not in Syrixia. We do not run advertising and we do not sell personal data.

4. Why we process data

To operate the service a merchant signs up for: answering shopper questions from store content, recommending products, capturing leads the shopper chooses to leave, recovering carts, producing analytics and weekly reports, providing support, and billing. We do not use store content or conversations to train foundation models.

5. Subprocessors

We use a small set of service providers to run Syrixia:

  • OpenAI generates assistant replies, reports, and content embeddings.
  • Supabase hosts the database and authentication where store content, conversations, leads, and accounts live.
  • Render and Vercel host the API and the dashboard.
  • Paddle handles billing as merchant of record.
  • Resend sends email such as the weekly digest when enabled.

Each provider processes data only to provide its service to us. We will update this list if the set of providers changes.

6. Who can read conversations

The owner of the store you are chatting on can read the conversations that happen on their own store, including any contact details a shopper chooses to share. This is how merchants follow up on questions and leads. Store owners can only ever see conversations from their own store, never from anyone else’s. Syrixia staff access conversation data only when needed to investigate a reported problem or as required by law.

7. Retention and deletion

  • Store content is deleted when a merchant disconnects the store.
  • Conversations and leads stay until the merchant deletes them or closes the account.
  • Closing an account deletes its data within 30 days, except records we must keep for legal or accounting reasons.
  • Merchants and shoppers can request deletion at any time at syrixiaai@gmail.com.

8. Security

Data is encrypted in transit. Store platform access tokens are encrypted at rest. Access to production systems is limited to people who need it to run the service. Every store’s data is isolated by store, enforced in the API and again at the database layer. No method of storage is perfectly secure, but we treat reported vulnerabilities as the highest priority; report them to syrixiaai@gmail.com.

9. Your rights

Depending on where you live, you may have rights to access, correct, export, restrict, or delete personal data, and to object to processing. Merchants can exercise most of these directly in the dashboard; for anything else, or if you are a shopper, email syrixiaai@gmail.com and we will respond within 30 days. Shoppers can also contact the store they chatted with, who controls that data.

10. Children

Syrixia is a business tool and is not directed at children. Do not use the service if you are under 18.

11. Changes to this policy

We may update this policy as the service evolves. Material changes are announced by email or in the dashboard before they take effect, and the date at the top always reflects the current version.

12. Contact

Privacy questions go to syrixiaai@gmail.com.