Privacy Policy

Last updated: February 1, 2026

1. Introduction

Agent Rush ("we", "us", "our") operates the agent-rush.com website and platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our Shopify integration, chat widget, and API.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your Google profile information.

2.2 Shopify Store Data

When you connect a Shopify store, we access the following data through Shopify's APIs, limited to the scopes you authorize:

  • Products — product titles, descriptions, pricing, variants, and inventory status. Used to populate your agent's knowledge base.
  • Orders — order numbers, statuses, line items, shipping addresses, and tracking information. Accessed in real-time when a customer queries their order via the chat agent.
  • Customers — customer email addresses associated with orders, used solely for order lookup.
  • Store information — store name, domain, email, and currency, used for agent configuration and branding.

Shopify access tokens are encrypted using AES-256-GCM before storage and are never logged or exposed in plaintext.

2.3 Chat Conversations

We store chat messages between your customers and AI agents to provide conversation history, improve agent responses, and enable lead capture. Conversations are associated with your agent and are visible in your dashboard.

2.4 Website Visitor Data

Our chat widget collects limited visitor information including browser fingerprint (for session persistence), IP-based approximate location, and pages visited. This data is used to maintain conversation context across visits. We do not use third-party tracking cookies.

2.5 Lead Information

When a visitor voluntarily provides their name, email, or phone number through the chat widget, this is stored as a lead and associated with the conversation.

3. How We Use Your Information

  • Provide, operate, and maintain the Agent Rush platform
  • Process Shopify store connections and enable AI-powered customer support
  • Sync product data to your agent's knowledge base
  • Look up orders and tracking information on behalf of your customers
  • Send lead notification emails to store owners
  • Improve our AI models and service quality
  • Communicate with you about your account, updates, and support
  • Detect and prevent fraud, abuse, and security incidents

4. Third-Party Services

We use the following third-party services to operate our platform:

  • Supabase — authentication and database hosting (PostgreSQL)
  • Vercel — application hosting and edge network
  • Groq / OpenAI / Anthropic / Google — AI model inference for chat agents (conversation content is sent to the configured AI provider)
  • Shopify — e-commerce data access via OAuth APIs
  • Upstash — rate limiting (Redis)

Each provider processes data under their own privacy policies. We select providers that maintain industry-standard security practices.

5. Cookies and Tracking

We use essential cookies for authentication and session management. Our chat widget uses browser fingerprinting (canvas, WebGL) to maintain visitor sessions across page visits — this does not track users across different websites. We do not use advertising cookies or third-party trackers.

6. Data Retention

  • Account data — retained while your account is active, deleted upon request
  • Chat conversations — retained while the associated agent exists
  • Shopify tokens — deleted immediately when you disconnect a store or uninstall the app
  • Product data (KB) — removed when you disconnect a store or unlink an agent
  • Lead information — retained until you delete the lead from your dashboard
  • Webhook logs — retained for 90 days for debugging purposes

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including AES-256-GCM encryption for sensitive tokens, HTTPS for all data in transit, HMAC signature verification for webhooks, rate limiting and CSRF protection on all API endpoints, and per-user data isolation. See our Security page for more details.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Restriction — request we limit processing of your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at privacy@agent-rush.com. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries outside your jurisdiction, including the United States and the European Union, through our service providers. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Agent Rush

Email: privacy@agent-rush.com

Website: agent-rush.com