Privacy Policy

Last updated: February 2026

1. Introduction

SupportRetriever ("we", "us", or "our") operates the SupportRetriever website and service (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

2. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). This may include, but is not limited to: Email address, Name, and Usage Data.
Usage Data: We may also collect information on how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. Note: IP addresses are hashed before storage and are used solely for rate limiting and security purposes.
Cookies: We use essential session cookies to maintain your login session. These cookies (`sb-access-token` and `sb-refresh-token`) are necessary for the Service to function and do not require consent. We may also use analytics and tracking cookies with your consent (see Cookie Consent section below).
Analytics Data: We collect analytics data including page views, button clicks, referrer information, and UTM parameters (source, medium, campaign) to understand how users interact with our Service and improve our offerings.
Shopify Integration Data: If you connect your Shopify store to SupportRetriever, we access order data from Shopify (including customer email addresses, order counts, order totals, and order dates) on-demand when you view support conversations. This data is fetched in real-time from Shopify's API and is used solely to display purchase context in your support conversations. We do not permanently store this Shopify data in our systems.
AI Companion Data: If you enable the AI-powered reply suggestion feature, your encrypted API keys are stored in our database, and customer messages and conversation history are temporarily processed to generate suggestions. Message content is sent to your chosen third-party AI provider (OpenAI, Anthropic, Google, or others) for processing. We implement security measures to redact sensitive information (credit card numbers, social security numbers, passwords) before sending to AI providers. AI-generated suggestions are stored in our database and can be reviewed, edited, or dismissed by you.

2.5. Authentication Methods

We support multiple authentication methods for your account:

Email and Password: Traditional email and password authentication
Google OAuth: Sign in with your Google account. When you use Google OAuth, Google shares your email address and basic profile information with us to create and manage your account.

2.6. Cookie Consent

We use essential cookies (session cookies) that are necessary for the Service to function. These cookies do not require consent. We also use optional analytics and tracking cookies (such as Meta Pixel) that require your consent. You can manage your cookie preferences through the cookie consent banner that appears on our website. You may withdraw your consent at any time, which will prevent future tracking cookies from being set.

3. Use of Data

SupportRetriever uses the collected data for various purposes:

To provide and maintain the Service
To notify you about changes to our Service
To allow you to participate in interactive features of our Service when you choose to do so
To provide customer care and support
To provide analysis or valuable information so that we can improve the Service
To monitor the usage of the Service
To detect, prevent and address technical issues
To track analytics including page views, user interactions, and conversion events (with your consent)
To analyze referrer data and UTM parameters to understand how users discover our Service
To display customer purchase context in support conversations when you connect your Shopify store (order count, lifetime value, and last order date are fetched from Shopify and displayed to help you provide better context-aware customer support)
To generate AI-powered reply suggestions when you enable the AI Companion feature (customer messages are sent to your chosen third-party AI provider for processing, and AI-generated suggestions are stored for your review)

3.5. Account Deletion and Data Removal

You may request deletion of your account at any time through your account settings. Upon account deletion:

All your personal data, forms, conversations, messages, and related information will be permanently deleted
Data deletion occurs through database cascade operations and cannot be recovered
If you are a team member on other users' forms, your access will be removed, but the form owner's data will be preserved
Analytics and tracking data associated with your account will also be deleted

To delete your account, go to Settings and use the account deletion feature. Account deletion is permanent and irreversible.

4. Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

5. Disclosure of Data

We may disclose your Personal Data in the good faith belief that such action is necessary to:

To comply with a legal obligation
To protect and defend the rights or property of SupportRetriever
To prevent or investigate possible wrongdoing in connection with the Service
To protect the personal safety of users of the Service or the public
To protect against legal liability

6. Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

7. Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We use the following third-party service providers:

Supabase: Provides our database, authentication services, and storage infrastructure. Your account data, forms, conversations, and messages are stored securely in Supabase's systems.
Mailgun: Handles email delivery for form submissions and customer communications. Mailgun processes email addresses and message content to deliver emails on our behalf.
Cloudflare: Provides bot protection (Turnstile) and security services. Cloudflare may process IP addresses and other connection data for security and spam prevention purposes.
Google: Provides OAuth authentication services. When you sign in with Google, Google processes your authentication request and shares your email and basic profile information with us.
Meta/Facebook: Provides Meta Pixel for analytics and conversion tracking (with your consent). Meta Pixel may set cookies and track your interactions with our Service for analytics purposes. This service is only active if you consent to analytics cookies.
Paddle: Processes payments for Pro subscriptions (for non-Shopify accounts). Paddle handles payment information including credit card details and billing addresses. We receive subscription status updates via webhooks but do not store full payment card details. Paddle processes payment data according to their Privacy Policy. For Shopify-connected accounts, payments are processed by Shopify as described below.
Shopify: If you choose to connect your Shopify store to SupportRetriever, we access order data via Shopify's API to display customer purchase context (order count, lifetime value, and last order date) in your support conversations. This data is fetched on-demand when viewing conversations and is used solely to help you provide better context-aware customer support. We do not store this Shopify data permanently. Additionally, if you have a Shopify-connected account, your Pro subscription payments are processed by Shopify. The integration requires your explicit authorization and you can disconnect it at any time through your account settings.
Third-Party AI Providers: If you enable the AI Companion feature, customer messages and conversation history are sent to your chosen third-party AI provider (such as OpenAI, Anthropic, Google, or other supported providers) using your own API keys. These providers process the data to generate reply suggestions. You are directly responsible for your relationship with these AI providers, including their terms of service and privacy policies. We implement security measures to redact sensitive information before sending data to AI providers, but you should review their respective privacy policies to understand how they handle your data.

8. Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

9. Data Retention

We retain your Personal Data and other information for as long as your account is active or as needed to provide you with the Service. When you delete your account, all associated data is permanently deleted through database cascade operations. We may retain certain information as required by law or for legitimate business purposes, such as preventing fraud or resolving disputes.

Analytics and tracking data are retained according to our data retention policies and are deleted when you delete your account or withdraw consent for tracking cookies.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Your Rights

Depending on your location, you may have certain rights regarding your Personal Data:

Right to Access: You have the right to access the Personal Data we hold about you. You can view most of this information in your account settings.
Right to Deletion: You have the right to request deletion of your Personal Data. You can delete your account at any time through your account settings, which will permanently delete all associated data.
Right to Rectification: You have the right to correct inaccurate or incomplete Personal Data. You can update your profile information in your account settings.
Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used format. Contact us via the support form to request a copy of your data.
Right to Withdraw Consent: If we process your data based on consent, you have the right to withdraw that consent at any time. You can manage cookie consent preferences through the cookie consent banner.

To exercise these rights, please contact us via the support form linked in the footer of our website. We will respond to your request within a reasonable timeframe.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us via the support form linked in the footer of our website.