policy

Privacy,line by line.

Thynk operates as an AI ops layer over your Shopify store and the third-party tools you connect. This page is the plain-English account of what that means for your data — what we collect, who sees it, how long we keep it, and what you can ask us to do.

last updated 2026-05-12operator · Thynk Labs Inc.contact · privacy@thynk.app

Scope

This policy covers data processed by Thynk when a Shopify merchant installs the Thynk app, connects additional integrations (Klaviyo, Meta Ads, Gorgias, Slack, and others via MCP or Composio), and uses the orchestrator to run playbooks against those systems.

It does not cover: the merchant's own privacy obligations to their customers (that is between the merchant and the data subjects), nor the privacy practices of the third-party tools we connect to — each operates under its own policy.

What we collect

We collect three categories of data, no more:

account
Shop domain, store name, contact email, billing plan, install timestamp.
operational
Orders, products, customers, refunds, fulfillments, and Klaviyo/Gorgias/Meta data — exactly the slices your scopes authorize, fetched on demand for the playbook you ran.
usage
Prompts you submit, the playbooks the orchestrator chose, run outcomes, approval decisions, and execution logs — used to render Activity and to debug failures.

We do not sell data. We do not train external models on your data. We do not run analytics that fingerprint your buyers.

Shopify scopes

Thynk requests the minimum scopes required by the skill packs you enable. The current default install requests read access to orders, products, customers, and inventory; write access is requested only for actions that explicitly modify the store, and Thynk acts only within the scopes you grant — every action is logged to the audit trail.

Protected customer data (PII) — names, emails, phone numbers, addresses — is treated as sensitive: it is fetched only when a playbook needs it, never logged in plaintext, and never exposed to connected third parties beyond what the playbook scope requires.

How we use data

  • Run playbooks. Your prompt routes to the specialist agents; each agent reads only the slice it needs.
  • Persist memory. Per-merchant, per-skill-pack key-value memory powers recurring playbooks (brand voice, business rules, prior decisions).
  • Render Activity. A timeline of scheduled, running, and completed runs — visible only to authenticated merchant staff.
  • Audit trail. Every approval decision and every MCP call is logged for compliance, retained separately from operational memory.
  • Improve the product. Aggregated, de-identified usage signals — never raw customer data.

Sub-processors

We use a short list of sub-processors to operate the service. Each is bound by a Data Processing Agreement that limits how they may handle merchant data.

infrastructure
Google Cloud Platform — application hosting, Postgres, log storage.
LLM routing
Anthropic and OpenAI — model inference. Prompts and tool calls are processed under each provider's zero-retention or short-retention terms.
integrations
Composio and the upstream MCP servers (Shopify, Klaviyo, Meta, Gorgias, Slack) — they handle the read/write to your connected tools.
billing
Shopify Billing API for plan changes; Stripe is not used.

Retention

  • Account data — kept while the app is installed; purged within 30 days of uninstall.
  • Operational data — cached only as long as the playbook needs; raw payloads are not stored beyond run completion.
  • Memory — persists across runs to power your workflows; deletable on request.
  • Audit logs — retained for 12 months for compliance, then purged.
  • Shopify GDPR webhookscustomers/data_request, customers/redact, and shop/redact are honored within 30 days.

Your rights

Under GDPR, CCPA, and the equivalent regimes, you may request access to, correction of, or deletion of data we hold. Merchants can self-serve a full export and delete from Settings → Data, or email privacy@thynk.app. We respond within 30 days.

End customers of merchants should direct requests to the merchant — we only process their data on the merchant's behalf.

Security

Credentials are encrypted at rest. Transport is TLS 1.2+. Memory and audit logs are scoped per merchant and per skill pack — no cross-tenant leakage by design. Detailed practices live on the Security page.

Changes

Material changes are announced in the app shell and via email to the install contact at least 14 days before they take effect. Non-material edits (clarifications, link fixes) update silently; the “last updated” timestamp at the top reflects the latest revision.

Contact

For privacy questions, data subject requests, or compliance documentation: privacy@thynk.app.

Postal: Thynk Labs Inc. · Mailing address provided on request via the address above.