V-Staff Privacy Policy

This Privacy Policy explains how information is handled in the Shopify app "V-Staff" (the "App"). The App provides an embedded app inside the Shopify admin and a Live2D clienteling overlay that runs on the storefront.

1. Scope

This Policy applies to Shopify store operators who install the App and to users who interact with the App's clienteling UI on those stores' storefronts.

The App's current standard implementation does not use purchase-history-based individual customer profiles, and it is not designed to permanently store customer personal data in the App database.

2. Information Collected or Processed

The App may collect, process, or store the following information on the user's device.

  • Information about Shopify store operators: shop domain, OAuth session information, permission scopes, public product information, publication information, locale information, billing status, app settings, Live2D model settings, assistant settings, and usage aggregation information
  • Storefront input information: chat message text, conversation history, current page type, product handle, collection handle, and product information referenced during clienteling interactions
  • Storefront interaction events: event types such as recommendation impressions, product detail displays, product page navigation, and CTA clicks, as well as trace IDs, product handles, collection handles, CTA URLs, and the number of recommendations shown
  • Information stored on the user's device: display language, target category settings, selected character or assistant, onboarding completion status, recent recommendation history, and temporary product navigation information
  • Technical information: IP address, browser type, user-agent, error information, and other technical logs may be temporarily processed by infrastructure providers or in operational logs as part of request handling

Recommendation history and display settings are primarily stored in the user's browser localStorage or sessionStorage. This is separate from information permanently stored in the App's server database.

3. Purposes of Use

  • To provide, authenticate, control display of, operate, and maintain the App
  • To generate product recommendations, conversation responses, and product description narration
  • To maintain display settings, language settings, and history display on the storefront
  • To aggregate usage, manage billing, and manage plans
  • To investigate defects, respond to incidents, and handle security matters
  • To comply with legal requirements, including Shopify compliance webhooks

4. External Transfers, Processors, and Third-Party Services

The App uses the following third-party services or infrastructure to provide its functions.

  • Shopify: for authentication, app integration, product information retrieval, publication and locale retrieval, and webhook receipt
  • Cloudflare: for app hosting, Worker runtime, D1, KV, R2, and related infrastructure
  • OpenAI-compatible API providers: for generating recommendations and conversation responses. Chat text, conversation history, product context, page context, and related information may be sent to these providers

The App entrusts information processing to these providers only to the extent necessary to provide its functions. Except where required by law, the App does not sell customer personal data to third parties for their own independent purposes.

5. Retention Period

  • Shopify session information is retained for as long as necessary to maintain authentication and provide the App, and becomes subject to deletion when the app is uninstalled or when it is no longer needed
  • Store-level settings, model-related data, billing status, and usage aggregation are retained for a reasonable period necessary for contract management, support, and legal compliance
  • Browser-stored settings and recommendation history may remain until the user deletes them or clears browser storage data
  • Chat text and conversation history are temporarily processed to generate responses, but the App's standard implementation does not intend to permanently store them as customer personal data

6. User Choices and Deletion Requests

  • Storefront users can delete settings and history stored on their device by clearing localStorage and sessionStorage from their browser settings
  • Store operators can stop future integration by uninstalling the App
  • The App supports Shopify compliance webhooks. When shop/redact is received, the App deletes shop-level D1, KV, and R2 data
  • Because the current implementation does not permanently store customer personal data, customers/data_request and customers/redact are processed as having no stored data
  • For inquiries or rights requests, please contact the address below

7. Cross-Border Transfers

Because the App uses Cloudflare and OpenAI-compatible API providers, information may be processed in regions outside Japan. When cross-border transfers occur, the App handles information only to the extent necessary to provide its functions.

8. Changes

This Policy may be updated in response to changes in laws, service content, or operational practices. If material changes are made, notice will be provided by updating this page or by another reasonable method.

9. Contact

If disclosure of address or other information is required, we will respond without delay to legitimate requests made under applicable laws.

This Policy is based on the current implementation of V-Staff. If stored data or external integrations change in the future, this Policy will be updated accordingly.