← Back to Home

Privacy Policy

Last Updated: November 2025

1. Introduction

Codename: LISA ("we," "our," or "us") operates an AI-powered shopping assistant service for e-commerce stores. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

• Visit our website at codenamelisa.com
• Use our AI shopping assistant service
• Interact with LISA on merchant websites that have installed our service
• Contact us for support or inquiries

2. Information We Collect

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number when you contact us or request a demo
• Account Information: Business name, store URL, payment information (processed securely through third-party payment processors)
• Communication Data: Messages, questions, and feedback you provide through our contact forms or support channels

2.2 Information Collected Automatically

• Usage Data: How you interact with LISA, including conversation logs, product queries, and preferences
• Device Information: IP address, browser type, device type, operating system
• Analytics Data: Pages visited, time spent, clicks, and navigation patterns (via Google Analytics and Microsoft Clarity)
• Cookies and Tracking Technologies: See our Cookie Policy for detailed information

2.3 Information from Third Parties

• Shopify Store Data: Product catalogs, inventory, pricing, store policies (when merchants install LISA)
• Customer Shopping Data: Browsing patterns, cart contents, purchase history (to provide personalized recommendations)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Operating and maintaining LISA's AI shopping assistant functionality
• Learning customer preferences to provide personalized product recommendations
• Processing transactions and managing subscriptions
• Providing customer support and responding to inquiries

3.2 Service Improvement

• Training and improving LISA's AI models and natural language understanding
• Analyzing usage patterns to enhance service performance
• Developing new features and capabilities
• Conducting research and testing

3.3 Communication

• Sending service updates, technical notices, and security alerts
• Responding to customer support requests
• Sending marketing communications (with your consent, where required)

3.4 Legal and Security

• Complying with legal obligations and responding to lawful requests
• Protecting against fraud, abuse, and security threats
• Enforcing our Terms of Service and other agreements

4. How We Share Your Information

We do not sell or rent your personal information. We may share information in the following circumstances:

4.1 With Merchants

When you interact with LISA on a merchant's store, we share relevant conversation data and shopping preferences with that merchant to facilitate your purchase and improve their service.

4.2 Service Providers

We work with trusted third-party service providers who assist us in operating our service:

• Hosting Services: Railway (infrastructure hosting)
• Email Services: SendGrid (transactional emails)
• Analytics: Google Analytics, Microsoft Clarity
• Payment Processing: Secure third-party payment processors (we do not store payment card details)

4.3 Legal Requirements

We may disclose information if required by law, court order, or governmental request, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Retention

We retain your information for as long as necessary to:

• Provide our services and fulfill transactions
• Comply with legal obligations (e.g., tax records, transaction history)
• Resolve disputes and enforce agreements
• Improve LISA's AI capabilities (anonymized and aggregated data)

Conversation logs and shopping preferences are typically retained for 24 months unless you request deletion. Account information is retained for the duration of your subscription plus 7 years for legal compliance.

6. Your Privacy Rights

6.1 General Rights (All Users)

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing communications

6.2 GDPR Rights (EU/UK Users)

If you're located in the European Union or United Kingdom, you have additional rights under GDPR:

• Right to Portability: Receive your data in a structured, machine-readable format
• Right to Restriction: Restrict processing of your personal data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.3 CCPA Rights (California Users)

California residents have additional rights under the California Consumer Privacy Act:

• Know what personal information is collected, used, shared, or sold
• Delete personal information (subject to exceptions)
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising CCPA rights

6.4 Canadian Privacy Rights (PIPEDA)

Canadian users have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Right to access personal information held by us
• Right to challenge the accuracy and completeness of information
• Right to withdraw consent (subject to legal restrictions)
• Right to file a complaint with the Privacy Commissioner of Canada

6.5 Australian Privacy Rights

Australian users have rights under the Privacy Act 1988:

• Right to access and correct personal information
• Right to complain to the Office of the Australian Information Commissioner

7. Data Security

We implement robust security measures to protect your information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access limitations to personal data
• Regular Audits: Security assessments and vulnerability testing
• Secure Infrastructure: Industry-standard hosting with Railway
• Employee Training: Staff trained on data protection best practices

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

LISA operates globally and serves customers in the United States, United Kingdom, Canada, Australia, and European Union. Your information may be transferred to and processed in countries other than your own.

For EU/UK users, we ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Additional safeguards to protect your rights

9. Children's Privacy

LISA is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will take steps to delete it promptly.

10. Third-Party Links

Our website and service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending email notifications to registered users (for significant changes)
• Displaying prominent notices on our service

Continued use of LISA after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

13. Regional Contacts

EU Representative: For GDPR-related matters, EU users may contact our designated representative (details to be provided upon request).

UK Representative: For UK GDPR matters, UK users may contact our UK representative (details to be provided upon request).

← Return to LISA Homepage