Lærke is an AI chat assistant embedded on Shopify storefronts. This page describes what data we process when a shopper uses the chat, how long we keep it, how it is protected, and what choices shoppers and merchants have. Lærke is operated by Spartahive.
The Shopify merchant who installs Lærke is the data controller for shopper interactions on their store. Spartahive acts as a data processor on the merchant's behalf, under a Data Processing Agreement that is part of the app's terms of service.
| Category | Examples | Source |
|---|---|---|
| Chat content | Messages the shopper sends and replies the assistant returns. | Direct from the shopper through the chat widget. |
| Conversation identifier | A random identifier generated in the browser so a returning shopper resumes the same thread. | Generated locally; stored in the shopper's browser. |
| Customer identifier & order data | The shopper's Shopify customer ID, order numbers and order status — fetched on demand only after the shopper explicitly authenticates through Shopify. | Shopify, with the shopper's consent. |
| Public catalog data | Product listings, descriptions, shop policies. | The merchant's public Shopify storefront. |
| Operational metadata | Timestamps, usage counts, error events. | Generated by Lærke itself. |
| Order outcome data | When an order is placed: the order identifier, total, currency, item count, financial status, and whether it contained a product the assistant recommended. No customer name, email, address, or payment details are stored. | Shopify, via the order webhook. |
We do not collect IP addresses for the chat, fingerprint devices, profile shoppers across sessions, or sell data to third parties.
To measure whether the assistant contributed to a sale, Lærke stores its
conversation identifier as a hidden cart attribute
(_laerke_conversation) so an order can be linked back to the
chat session that influenced it. This identifier is random and not
personally identifying.
We engage a small number of carefully chosen sub-processors to operate Lærke. Categories below; the current named list is available on request as part of the Data Processing Agreement.
| Category | Purpose | Region |
|---|---|---|
| AI language model | Generates chat replies. Our provider does not train on data we send via the API. | USA / EU |
| Embedding service | Helps the assistant retrieve relevant admin corrections when answering similar questions. | USA |
| Shopify International Ltd. | App platform, product and order data APIs. | EU / global |
| EU hosting provider | Server hosting and encrypted block storage. All Lærke servers run in the EU. | EU |
| Error monitoring service | Server-side error reports (stack traces and request metadata only — never chat content). | USA |
| Data | Retention |
|---|---|
| Chat conversations & messages | 90 days from last activity, then automatically deleted by a daily retention job. |
| Admin corrections (training data) | Kept for as long as the merchant has Lærke installed. Corrections contain the admin's preferred answer plus a snapshot of the shopper's question text — not the rest of the conversation. Deleted on uninstall. |
| Customer Account OAuth tokens | Until the token expires (typically minutes to hours) or the customer is redacted, whichever comes first. |
| Merchant configuration | Until the app is uninstalled, then 48 hours, then permanently
deleted on Shopify's shop/redact webhook. |
| GDPR data exports | 30 days after the export has been delivered to the controller. |
| Order outcome data | About 13 months from the order date, then automatically deleted by the daily retention job. |
All network traffic between the shopper, the merchant's storefront, the Lærke server, and our sub-processors is encrypted with TLS 1.2 or higher (Let's Encrypt certificates, HSTS preloaded).
Lærke's database lives on EU-hosted encrypted storage. Database files are not accessible outside the application and are protected by industry-standard disk-level encryption.
Backups are taken nightly to EU-hosted encrypted storage. They inherit the encryption of the source volume and are retained for 7 days before rotation. Restoration is permitted only to authorized Spartahive operators.
Production access is limited to named Spartahive staff, authenticated with cryptographic keys (no passwords). Access is logged. Internal administrative endpoints are protected by a bearer token that is rotated on personnel changes.
Lærke is a chat assistant that provides product information, recommendations, and order-status lookups. It does not make decisions that produce legal or similarly significant effects on a shopper. Pricing, fulfilment, refund, and account-status decisions remain entirely with the merchant.
A shopper can opt out at any time by closing the chat window or by contacting the merchant directly through the contact details published on the merchant's store.
Because the merchant is the data controller, shoppers exercise their
rights — access, rectification, deletion, restriction, portability,
objection — through the merchant. The merchant uses Shopify's standard
customers/data_request and customers/redact
flows; Lærke participates in both:
This policy covers the Lærke chat assistant. The Lærke marketing website (laerke.spartahive.com) separately uses Google Analytics to understand how visitors use the site. Analytics cookies load only after you accept the cookie banner — decline, and no analytics cookies are set. This is independent of the chat product, which performs no analytics tracking or profiling of shoppers.
Privacy questions and DPA requests: laerke@spartahive.com.
Lærke · Terms of Service · Support
We use Google Analytics to understand how visitors use this site. Analytics cookies are set only if you accept. See our privacy policy.