Privacy Policy
Last updated: July 6, 2026
This Privacy Policy explains how Arcturus Consulting ("Arcturus", "we", "us") handles information in connection with the AI Parts Finder website at arcturus-consulting.com and the AI Parts Finder application for Shopify (together, the "Services"). We have written it to describe what our software actually does, in plain language.
The short version. The AI Parts Finder app reads a merchant's product catalog and helps their shoppers find the right part using plain-English search. It requests read-only access to products only — it does not access your store's customers, orders, or checkout. To generate answers, a shopper's search text and the store's product information are sent to OpenAI, our AI provider. We do not sell data, we do not run ads, and we do not use your data or your shoppers' data to train AI models.
1. Who we are
Arcturus Consulting is the developer of AI Parts Finder and the data controller for the information described in this policy. We are based in Massachusetts, United States. For any privacy question or request, contact [email protected].
This policy has two parts: A covers this marketing website, and B covers the AI Parts Finder Shopify app that a merchant installs on their store.
2. Part A — The website (arcturus-consulting.com)
If you only browse this website or request a demo, this is the information involved.
Demo requests
When you submit the "Book a demo" form, we collect the details you enter: your name, work email, company, store or website (optional), approximate catalog size, the type of business you are, and any message you add. We use this information solely to respond to your request and follow up about AI Parts Finder. This data is transmitted to and stored in our outreach and CRM provider (Smartlead) so we can manage the conversation. We do not sell it or use it for unrelated purposes. If you would rather not use the form, you can email us directly.
Hosting and analytics
This website is hosted on Cloudflare Pages. Like any web host, Cloudflare processes basic request information (such as IP address and browser type) to serve the site securely and defend against abuse. We use privacy-friendly, cookieless web analytics to understand aggregate traffic. This website does not set advertising or cross-site tracking cookies.
3. Part B — The AI Parts Finder Shopify app
When a merchant installs AI Parts Finder, the app is granted a single, read-only Shopify access scope: read_products. The app does not request or receive access to your customers, orders, checkout, payments, or any write permission. It cannot change anything in your store.
What the app receives and stores
| Data | Source | Stored? | Purpose |
|---|---|---|---|
| Shopper search text (what a visitor types into the search box, up to 1,000 characters), plus short in-session conversation context | The shopper, via the storefront widget | The search text is logged in our database against the store (not against any shopper identity). Conversation context is not stored. | Generate the answer, and let the merchant see recent and total searches in their dashboard |
| Store domain (e.g. yourstore.myshopify.com) | Shopify / the widget | Yes | Attribute searches and settings to the correct store |
| Product catalog (titles, SKUs, prices, availability, descriptions) | The merchant's own Shopify store, read live per search | No — used for the search and then discarded | Give the AI the products it can recommend and link to |
| Install session & access token, and widget settings (title, greeting, custom prompt, plan status) | Shopify OAuth at install; the merchant's settings page | Yes | Authenticate the app to Shopify and configure the widget |
Critically, the app does not store any information that identifies an individual shopper — no name, email, account ID, or IP address is attached to a search. Search text is logged only against the store and is not linked to any shopper identity; it is used for the merchant's own dashboard analytics.
One honest caveat. The search box accepts free text, so a shopper could type personal details (for example an email address or phone number) into it. If they do, that text is stored as part of the search log and sent to OpenAI along with the rest of the query — we do not scan or scrub it. We design the widget for describing parts, and we ask merchants not to use it to solicit personal information. Merchants can ask us to delete their store's search logs at any time (see Retention & deletion).
4. AI processing (OpenAI)
AI Parts Finder produces its answers using OpenAI (the gpt-4o-mini model) as our AI subprocessor. For each search, we send OpenAI the store's relevant product information, a short amount of conversation context, and the shopper's search text. OpenAI processes this to return the answer, which the app then shows to the shopper.
OpenAI states that data submitted through its API is not used to train its models and is retained only transiently for abuse and misuse monitoring before deletion (see OpenAI's API data usage policy). We do not use merchant data or shopper data to train, fine-tune, or improve any AI or machine-learning model, consistent with Shopify's Partner Program Agreement.
5. Where data is stored
The app's database (search logs, store domain, install session, and settings) is hosted in the United States on Render (Oregon region). OpenAI processes AI requests in the United States. If you access the Services from outside the United States, you understand that your information is processed in the United States, where data-protection laws may differ from those in your country. Merchants remain the controller of their store and shopper data and are responsible for the lawful basis for transferring that data to their service providers; Arcturus acts as a processor. If you require a data processing agreement or specific transfer terms, contact us at [email protected].
6. Retention & deletion
- Install session & access tokens are deleted when a merchant uninstalls the app.
- Search logs and store settings are deleted when Shopify sends us a store data-erasure request, which Shopify issues about 48 hours after an app is uninstalled. At that point all of that store's stored data (its search logs and settings) is permanently removed.
- We do not currently apply a fixed automatic expiry to search logs while a store is active. A merchant can request deletion of their store's search logs at any time by emailing us, and we will complete verified deletion requests within 30 days.
Product catalog data is never retained — it is read live for each search and discarded once the answer is produced.
7. Data requests & your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict the use of your personal information, or to object to certain processing. To exercise any right, contact [email protected].
For the Shopify app specifically, we support Shopify's three mandatory data-request webhooks:
- Customer data request and customer redaction: because the app stores no data keyed to an individual shopper's identity, there is no shopper-identified record for us to return or delete for a single customer. Because a store's free-text search box could capture details a shopper chooses to type, a merchant can request deletion of their store's search logs at any time (see Retention & deletion).
- Shop redaction: issued by Shopify about 48 hours after a store uninstalls the app. This permanently deletes all of that store's stored data, including its search logs and settings.
Merchants are the controllers of their own store and customer data; Arcturus processes data only to provide the Services.
8. Security
Data is encrypted in transit (HTTPS/TLS) between shoppers, our servers, Shopify, and OpenAI, and stored data (search logs, settings, and install tokens) is encrypted at rest by our hosting provider. Access to our systems is limited to personnel who need it to operate and support the Services. No method of transmission or storage is perfectly secure, but we work to protect your information using reasonable, industry-standard measures.
9. Children
The Services are business tools intended for merchants and their adult customers. They are not directed to children, and we do not knowingly collect personal information from children.
10. Changes to this policy
We may update this policy as the Services evolve or as laws change. When we do, we will revise the "Last updated" date above. Material changes affecting merchants will be communicated through the app or by email.
11. Contact
Questions or requests about privacy: [email protected]
General support: [email protected]
Arcturus Consulting, Massachusetts, United States.