Privacy

Privacy policy for merchants, teams, and store visitors.

Nimora processes analytics, SEO, creative, and publishing workflows for Shopify merchants. This policy explains what we collect, why we collect it, and how we protect it.

Last updated: April 21, 2026

1. Introduction

Nimora operates as a Shopify application and related website services. This Privacy Policy explains how we collect, use, disclose, and protect information when merchants install or use Nimora.

2. Information We Collect

Store information

When a merchant installs Nimora, we collect and store:

  • Shopify store domain and related shop identifiers
  • Encrypted Shopify access tokens
  • Store owner contact details provided by Shopify
  • Plan, billing, and credit usage information

Behavior and analytics data

For merchants using analytics features, we process event and behavior data such as:

  • Page views, clicks, scroll depth, and session duration
  • Session replay event streams
  • Device type, browser family, screen size, and coarse location data
  • Campaign and referral attributes when available

Nimora is designed to avoid collecting customer names, customer emails, or payment card details through analytics tracking.

Generated assets and content

Product photos, videos, blog drafts, SEO suggestions, and related prompts generated in Nimora are stored against the merchant account so the merchant can review, publish, and manage them.

3. How We Use Data

  • To authenticate stores and maintain the Nimora service
  • To provide analytics, SEO, content, and creative workflows
  • To process subscriptions through Shopify Billing
  • To save generated assets and send approved output back to Shopify
  • To improve product performance, reliability, and support quality
  • To meet Shopify platform and legal compliance obligations

4. Data Retention

We retain merchant data while the merchant maintains an active Nimora account. Analytics retention depends on plan level:

  • Free: 30 days of analytics retention
  • Pro: 90 days of analytics retention
  • Business: 180 days of analytics retention
  • Rockstar: 365 days of analytics retention

Generated media may be retained for up to 365 days unless deleted earlier. When the app is uninstalled, merchant data is queued for deletion in accordance with Shopify platform requirements and our internal retention schedule.

5. Security

  • Encrypted storage for Shopify access tokens
  • HTTPS and TLS for data in transit
  • Database access controls and row-level protections where applicable
  • Webhook signature verification for Shopify webhooks
  • Access controls on internal systems and operational tooling

6. Third-Party Services

Nimora relies on service providers to operate key product workflows, including:

  • Supabase for database and operational data storage
  • Cloudflare R2 for generated media storage
  • OpenAI, Google, and DeepSeek for AI-assisted generation features
  • Shopify Billing for subscription processing
  • Vercel and supporting infrastructure services for hosting and delivery

7. GDPR and CCPA Rights

If you are entitled to privacy rights under applicable law, you may request access, correction, deletion, restriction, or portability of relevant personal data. We also support Shopify's mandatory privacy workflows for merchants and customers.

Contact privacy@nimora.us to submit a request.

8. Shopify Mandatory Webhooks

Nimora processes Shopify privacy webhooks required for public app compliance, including:

  • customers/data_request
  • customers/redact
  • shop/redact

9. Cookies

Nimora uses secure cookies and related browser storage to maintain merchant sessions and operate the app experience. We do not sell merchant or visitor data and we do not use consumer ad-tech tracking cookies on the marketing site.

10. Contact

Privacy questions and data requests can be sent to privacy@nimora.us.