1. Introduction
This Privacy Policy describes how Thom & Co GmbH (“Naridon”, “we”, “us”, or “our”) collects, uses, and discloses your Personal Data when you visit our website, install our Shopify Application, or use our services (collectively, the “Service”). We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).2. Information We Collect
A. Information You Provide to Us
- Account Information: When you install Naridon, we collect your name, email address, and shop URL via Shopify’s API.
- Support Communications: Information you provide when contacting our support team (email content, screenshots).
- Configuration Data: Settings and preferences you input into the Naridon dashboard (e.g., target keywords, brand guidelines).
B. Information We Collect Automatically
- Log Data: We collect server logs which may include IP addresses, browser type, operating system, and timestamps.
- Usage Data: We track how you interact with the dashboard (pages visited, features used) to improve user experience.
- Store Data: We index public product information (titles, descriptions, images) to power the AI search features.
C. Information Processed on Behalf of Merchants
When you use Naridon on your store, we may process personal data of your customers (“End-Users”) on your behalf:- Search Queries: Questions asked by customers to the AI.
- Session Metadata: Anonymous session IDs to group interactions. Note: We do NOT collect or store sensitive payment information (credit cards) or passwords.
3. How We Use Your Information
We use your Personal Data for the following purposes:- Service Delivery: To provide the functionality of the Naridon App (contractual necessity).
- Billing & Administration: To manage your subscription and communicate service updates (contractual necessity).
- Security & Debugging: To detect and prevent fraud, abuse, or technical issues (legitimate interest).
- Product Improvement: To analyze usage patterns and train our search algorithms (legitimate interest).
- Marketing: To send you promotional content, where you have opted in (consent).
4. Data Sharing and Disclosure
We do not sell your Personal Data. We share data only in the following circumstances:- Service Providers: With trusted third-party sub-processors (hosting, AI, analytics) who assist us in operating the Service. These transfers are covered by Data Processing Agreements (DPAs).
- Legal Compliance: If required by law, subpoena, or legal process.
- Business Transfers: In connection with a merger, sale, or asset transfer, provided the receiving party agrees to privacy terms.
5. Data Retention
We retain Personal Data only for as long as necessary:- Merchant Account Data: Retained for the duration of your subscription plus 2 years for tax/legal records.
- End-User Search Logs: Retained for 30 days for analytics, then anonymized or deleted.
- Backups: Retained for 90 days in encrypted archives.
6. Cookies and Tracking
We use cookies to authenticate sessions and analyze traffic. You can control cookies through your browser settings.- Essential Cookies: Required for login (e.g., Shopify Session Tokens).
- Analytics Cookies: Used to measure site performance (can be opted out). For more details, please see our Cookie Policy.
7. Your Rights (GDPR/FADP)
If you are located in the EEA, UK, or Switzerland, you have the right to:- Access, correct, or delete your personal data.
- Restrict or object to our processing.
- Withdraw consent at any time (for marketing).
- Lodge a complaint with a supervisory authority.