​​​​

1. How You Access CMOgpt

CMOgpt is provided as a web-based service accessed via Shopify authentication. It is not installed on a merchant’s device or Shopify store. Shopify verifies your identity and store ownership, and only authenticated merchants can access their own data.

 

​

2. What Data We Collect

We collect only the merchant-level data required to provide decision-support insights in connection with the service.

​

2.1 Merchant Account Information

• Shopify account email address

Purpose: onboarding, service communications, product updates related to the service, and support.

 

2.2 Store Performance Data (via Shopify API)

• Aggregated order-level sales values

• Inventory summaries

• Product and revenue performance metrics

​

We do not collect customer personal data, customer names, email addresses, phone numbers, postal addresses, payment details, or card information.

​

2.3 Analytics Data (via Merchant-Authorised Connections)

Analytics and performance data from Google Analytics (GA4), where you choose to connect your analytics account.

This may include aggregated traffic, conversion, and performance metrics at a store or account level.

CMOgpt does not collect end-customer personal data, identifiers, or behavioural tracking data from Google Analytics.

 

2.4 Merchant-Provided Inputs

CMOgpt also processes information you choose to enter directly into the service, such as business questions, commercial prompts, or contextual inputs used to generate insights.

Merchant-provided inputs are used only to support analysis and decision-support within CMOgpt and are not used to train public AI models.

​

​

3. What We Do Not Collect

CMOgpt does not collect end-customer personal data, customer contact details, payment information, or behavioural tracking data. CMOgpt is a business performance and strategy tool, not a customer data platform.

 

 

4. How Data Is Used

Merchant data is used only to calculate performance indicators, generate benchmarks and insights, support business decision-making, and power the embedded AI experience.

 

 

5. AI & Automated Processing

CMOgpt includes an AI-powered decision-support experience. AI uses merchant performance data to interpret results and support decision-making. Merchant data submitted for AI processing is not used to train public AI models. AI conversations are not persisted beyond what is necessary to deliver the service and maintain security. OpenAI acts as a sub-processor under commercial API terms, solely to support AI processing within the service.

 

 

6. Data Storage & Security

CMOgpt is hosted on Amazon Web Services (AWS) in the ap-southeast-2 (Sydney, Australia) region. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Merchant data is logically segregated and protected using role-based access controls.

 

 

7. Data Retention & Deletion

Merchant data is retained only while a subscription is active. Data is deleted following account disconnection or subscription cancellation, subject to limited retention required for security, compliance, or legal purposes.

 

​

8. Your Rights

Depending on your jurisdiction and where applicable under law, you may have rights to access, correct, or delete your data.

​​

​

9. Third-Party Services

Use of those services may be subject to their own terms and policies, for which those providers are independently responsible.

 

 

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the service or email.

​

 

11. Contact

Email: support@cmogpt.io

​