OpenStores
Privacy & Data

Privacy Policy

We believe in transparency. This policy explains how OpenStores collects, uses, and protects your personal information.

Last updated: January 2026

Introduction

OpenStores UG (haftungsbeschränkt) ("OpenStores", "we", "us", or "our") operates an AI commerce platform that connects merchants with customers through conversational interfaces. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data We Collect

We collect information that you provide directly to us, as well as information collected automatically when you use our platform. The types of data we collect include:

  • Account information including your name, email address, and encrypted password
  • Merchant business information including company name, address, tax identification numbers, and bank account details for payouts
  • Payment information processed securely through Stripe - we do not store full credit card numbers on our servers
  • Product catalog data including descriptions, images, pricing, inventory levels, and categories
  • Usage data such as pages visited, features used, time spent on the platform, and interaction patterns
  • Communications you send to us including support requests, feedback, and survey responses
  • Device information including IP address, browser type, operating system, and device identifiers
  • Approximate location data derived from IP address to provide localized experiences

How We Use Your Data

We process your personal data based on legitimate interests, contractual necessity, and your consent where required. Specifically, we use your information to:

  • Provide, maintain, and improve our platform services and features
  • Process transactions, payouts, and send related payment confirmations
  • Send you technical notices, updates, security alerts, and support messages
  • Monitor and analyze trends, usage patterns, and activities to improve user experience
  • Train and improve our AI systems, recommendation algorithms, and platform features
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Comply with legal obligations and respond to lawful requests from authorities
  • Send promotional communications (with your consent) about new features and services

Third-Party Services

We share your information with carefully selected third-party service providers who assist us in operating our platform. Each provider is bound by data processing agreements and uses your data only for specified purposes:

  • Stripe Inc. - Payment processing, merchant onboarding, and financial services. Stripe may use data as described in their privacy policy.
  • Google Firebase (Google LLC) - User authentication, real-time database, cloud storage, and hosting services
  • Google Gemini (Google LLC) - AI-powered product description generation and image analysis
  • Analytics providers including Google Analytics to help us understand platform usage and improve our services
  • Cloudflare Inc. - Content delivery, DDoS protection, and security services

Cookies & Tracking

We use cookies and similar tracking technologies to enhance your experience on our platform. You can control cookie preferences through your browser settings. The types of cookies we use include:

  • Essential cookies required for the platform to function, including authentication and security
  • Functional cookies that remember your preferences such as language and display settings
  • Analytics cookies that help us understand how you use our platform to improve our services
  • Marketing cookies used to deliver relevant advertisements (only with your explicit consent)

Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. After account closure, we retain data for a period necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically: transaction records are retained for 7 years for tax and accounting purposes; support communications for 3 years; and usage logs for 2 years. Anonymized and aggregated data may be retained indefinitely for analytics, research, and platform improvement purposes.

Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access - Request a copy of all personal data we hold about you
  • Right to Rectification - Request correction of any inaccurate or incomplete data
  • Right to Erasure - Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability - Receive your data in a structured, machine-readable format
  • Right to Object - Object to processing of your data for certain purposes including marketing
  • Right to Restriction - Request that we limit how we use your data
  • Right to Withdraw Consent - Withdraw consent at any time for processing based on consent
  • Right to Lodge a Complaint - File a complaint with a supervisory authority in your jurisdiction

To exercise any of these rights, please contact us at privacy@openstores.app. We will respond to your request within 30 days as required by GDPR. We may ask you to verify your identity before processing your request.

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States where some of our service providers are located. When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with GDPR requirements. These safeguards include Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally approved mechanisms. You have the right to request information about the specific safeguards applied to transfers of your data.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. While no system is completely secure, we continuously work to improve our security practices.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256

Access Control

Strict role-based access controls and multi-factor authentication for all employees

Monitoring

24/7 security monitoring, intrusion detection, and automated threat response

Security Audits

Regular penetration testing and third-party security assessments

Children's Privacy

Our platform is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@openstores.app. If we discover that we have collected personal information from a child under 16, we will promptly delete that information from our servers.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our platform with a new "Last updated" date. For significant changes that affect how we process your personal data, we will provide additional notice such as an email notification. We encourage you to review this policy periodically. Your continued use of our platform after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

OpenStores UG (haftungsbeschränkt)

Germany, European Union

privacy@openstores.app

We aim to respond to all inquiries within 48 business hours.

Privacy Policy - OpenStores