Privacy & Data Protection
What data Lærke processes, how long we keep it, how it's protected, and what choices shoppers and merchants have.
Last updated 2026-05-21
Lærke is an AI chat assistant embedded on Shopify storefronts. It is operated by Spartahive.
Roles
The Shopify merchant who installs Lærke is the data controller for shopper interactions on their store. Spartahive acts as a data processor on the merchant's behalf, under a Data Processing Agreement that is part of the app's terms of service.
What we process
| Category | Examples | Source |
|---|---|---|
| Chat content | Messages the shopper sends and replies the assistant returns. | Direct from the shopper through the chat widget. |
| Conversation identifier | A random identifier generated in the browser so a returning shopper resumes the same thread. | Generated locally; stored in the shopper's browser. |
| Customer identifier & order data | The shopper's Shopify customer ID, order numbers and order status — fetched on demand only after the shopper explicitly authenticates through Shopify. | Shopify, with the shopper's consent. |
| Public catalog data | Product listings, descriptions, shop policies. | The merchant's public Shopify storefront. |
| Operational metadata | Timestamps, usage counts, error events. | Generated by Lærke itself. |
| Order outcome data | When an order is placed: the order identifier, total, currency, item count, financial status, and whether it contained a product the assistant recommended. No customer name, email, address, or payment details are stored. | Shopify, via the order webhook. |
We do not collect IP addresses for the chat, fingerprint devices, profile shoppers across sessions, or sell data to third parties.
To measure whether the assistant contributed to a sale, Lærke stores its conversation identifier as a hidden cart attribute (_laerke_conversation) so an order can be linked back to the chat session that influenced it. This identifier is random and not personally identifying.
How we use the data
- Run the conversation: pass prior turns to our AI provider to generate the next reply.
- Look up products and policies on the merchant's Shopify store in response to the shopper's question.
- Look up the shopper's own order status — only when the shopper has explicitly authenticated through Shopify.
- Let merchant staff review conversations and improve the assistant's answers through corrections, which the assistant learns from over time.
- Measure whether the assistant contributes to sales — linking products it recommended to subsequent orders — and show the merchant aggregate value analytics.
Sub-processors
We engage a small number of carefully chosen sub-processors to operate Lærke. Categories below; the current named list is available on request as part of the Data Processing Agreement.
| Category | Purpose | Region |
|---|---|---|
| AI language model | Generates chat replies. Our provider does not train on data we send via the API. | USA / EU |
| Embedding service | Helps the assistant retrieve relevant admin corrections when answering similar questions. | USA |
| Shopify International Ltd. | App platform, product and order data APIs. | EU / global |
| EU hosting provider | Server hosting and encrypted block storage. All Lærke servers run in the EU. | EU |
| Error monitoring service | Server-side error reports (stack traces and request metadata only — never chat content). | USA |
Retention
| Data | Retention |
|---|---|
| Chat conversations & messages | 90 days from last activity, then automatically deleted by a daily retention job. |
| Admin corrections (training data) | Kept for as long as the merchant has Lærke installed. Corrections contain the admin's preferred answer plus a snapshot of the shopper's question text — not the rest of the conversation. Deleted on uninstall. |
| Customer Account OAuth tokens | Until the token expires (typically minutes to hours) or the customer is redacted, whichever comes first. |
| Merchant configuration | Until the app is uninstalled, then 48 hours, then permanently deleted on Shopify's shop/redact webhook. |
| GDPR data exports | 30 days after the export has been delivered to the controller. |
| Order outcome data | About 13 months from the order date, then automatically deleted by the daily retention job. |
Security
In transit
All network traffic between the shopper, the merchant's storefront, the Lærke server, and our sub-processors is encrypted with TLS 1.2 or higher (Let's Encrypt certificates, HSTS preloaded).
At rest
Lærke's database lives on EU-hosted encrypted storage. Database files are not accessible outside the application and are protected by industry-standard disk-level encryption.
Backups
Backups are taken nightly to EU-hosted encrypted storage. They inherit the encryption of the source volume and are retained for 7 days before rotation. Restoration is permitted only to authorized Spartahive operators.
Access control
Production access is limited to named Spartahive staff, authenticated with cryptographic keys (no passwords). Access is logged. Internal administrative endpoints are protected by a bearer token that is rotated on personnel changes.
Data-loss prevention
- Application secrets are stored only in protected configuration, never in source control.
- Backups are written only to encrypted EU-hosted storage — no third-party backup services.
- Outbound network calls are limited to the documented sub-processors; we do not send data to other destinations.
- The retention job runs daily and is monitored — a failure alerts the on-call operator.
- Error reports are scrubbed of message content; only stack traces and request metadata are collected.
Automated decision-making
Lærke is a chat assistant that provides product information, recommendations, and order-status lookups. It does not make decisions that produce legal or similarly significant effects on a shopper. Pricing, fulfilment, refund, and account-status decisions remain entirely with the merchant.
A shopper can opt out at any time by closing the chat window or by contacting the merchant directly through the contact details published on the merchant's store.
Shopper rights (GDPR)
Because the merchant is the data controller, shoppers exercise their rights — access, rectification, deletion, restriction, portability, objection — through the merchant. The merchant uses Shopify's standard customers/data_request and customers/redact flows; Lærke participates in both:
- Access: we package the shopper's conversations and messages into a JSON export and make it available to the merchant.
- Deletion: we delete the shopper's conversations, messages, and stored Customer Account tokens. Corrections referring to the shopper's questions are also removed.
Website analytics
This policy covers the Lærke chat assistant. The Lærke marketing website (laerke.spartahive.com) separately uses Google Analytics to understand how visitors use the site. Analytics cookies load only after you accept the cookie banner — decline, and no analytics cookies are set. This is independent of the chat product, which performs no analytics tracking or profiling of shoppers.
Contact
Privacy questions and DPA requests: laerke@spartahive.com.