Privacy Policy — Boon ‑ AI Upsell & Cross‑Sell

Effective date: 1 July 2026
Last updated: 1 July 2026

silverspark.ai (“we”, “us”, “Boon”) operates the Shopify app Boon ‑ AI Upsell & Cross‑Sell. This policy explains how we collect, use, store, and delete personal data when merchants install our app and when their customers interact with Boon-powered storefront features.

We process personal data as a service provider / processor on behalf of Shopify merchants. Merchants are responsible for their own storefront privacy notices and for lawful bases to use Boon. If you are a merchant, contact us using the details in §12. If you are a customer of a merchant, contact the merchant first; merchants can invoke Shopify's customer privacy tools, which trigger the workflows described in §8.

1. Scope

This policy applies to the Boon embedded admin app and background jobs hosted on our infrastructure; theme app extension and app proxy endpoints on merchant storefronts (/apps/boon/*); and data we receive from Shopify APIs and webhooks.

This policy does not govern Shopify's own services or third-party themes.

2. Information we collect

2.1 From merchants (via Shopify) — When you install Boon, Shopify shares data needed to authenticate and operate the app, including: shop name and domain; OAuth access tokens and related session metadata; staff user identifiers and, where provided by Shopify, staff name and email for admin sessions; product, variant, inventory, discount, and order data accessible via the permissions you approve; and webhook payloads for topics we subscribe to (including paid orders/create, products/update, inventory_levels/update, and mandatory compliance topics). We use Admin API data to sync catalog state, generate upsell offers, apply checkout discounts, attribute orders, and show analytics in the admin.

2.1a Subscription billing — Boon is a paid app billed through Shopify App Pricing. We do not collect or store merchant payment card details. Shopify processes subscription charges and shares subscription status with us (for example active plan, trial end date, and cancellation state) so we can grant or revoke access to paid features. Manage or cancel your plan in Shopify admin under Apps → Boon.

2.2 From merchants' customers (storefront) — Boon does not intentionally collect customer names, email addresses, phone numbers, or shipping addresses in our database. When shoppers use the Boon cart drawer or related storefront features, we may process: a pseudonymous session identifier generated in the browser for that visit (for example upsell-<random-uuid>); shopping interaction events (such as drawer opens, offer impressions, variant picks, upsell adds, progress-bar milestones); product and variant identifiers, cart subtotals, currency codes, and discount metadata tied to those events; and technical data necessary to secure requests (for example HMAC-signed tokens, timestamps, and anti-replay nonces). Our theme extension may use first-party browser storage (sessionStorage / localStorage) for functional caching. We do not use third-party advertising cookies or cross-site tracking pixels.

2.3 Information we do not sell — We do not sell personal data. We do not use merchant customer data for unrelated advertising profiles.

3. How we use information

We use collected information only to: provide, secure, and improve Boon (upsell offers, cart drawer, checkout discounts, progress bar, analytics); operate automation, catalog sync, and AI-assisted merchandising features on product catalog text (not shopper identity); attribute completed orders to Boon sessions for merchant reporting; comply with law and Shopify mandatory webhooks; and respond to merchant support requests.

We do not use shopper data for purposes unrelated to these features.

4. AI and automated processing

Boon may send product catalog fields (such as titles, descriptions, tags, and variant names) to Microsoft Azure OpenAI to classify products and generate upsell pairings or marketing copy. We do not send customer names, emails, or addresses to the model. Outputs are used only to configure offers for the installing merchant's store.

6. Storage, location, and subprocessors

ProviderServiceRegion
Microsoft AzureApp Service, PostgreSQLCentral India
Microsoft Azure OpenAIModel inferenceSouth India (APAC)
ShopifyPlatform, OAuth, APIs, webhooksPer Shopify

Primary hosting uses Microsoft Azure App Service and PostgreSQL in Central India, and Microsoft Azure OpenAI in South India (may change within Azure India/APAC). Shopify provides the platform, OAuth, APIs, and webhooks. We may use additional subprocessors for infrastructure operations (monitoring, email support). International transfers may occur where our subprocessors operate; where required, we rely on appropriate safeguards offered by subprocessors.

7. Retention

DataTypical retention
Merchant shop data (settings, catalog copies, offers, analytics)While the app is installed; deleted after uninstall / shop/redact (see §8)
Order attribution and storefront events linked to a customer's ordersUntil customers/redact for those orders, or shop deletion
Anti-replay noncesAbout 10 minutes
Database backups (Azure PostgreSQL)Up to 14 days (automated backups)
Application logs (including GDPR export entries)Up to 30 days, per Azure configuration

We may retain minimal records longer where required by law or to resolve disputes.

8. Customer privacy rights (Shopify compliance webhooks)

Data access (customers/data_request): When Shopify sends a customer data request, we gather Boon-held records tied to the orders Shopify specifies (order attribution, processed-order markers, and correlated storefront events). We write a structured export to our secure application logs (searchable by scope gdpr.dataRequest.export and Shopify's data_request_id). We do not email exports directly to end customers.

How merchants obtain a copy: Contact Boon at info@silverspark.ai with the Shopify data request ID (data_request_id). We will retrieve the matching export from our logs and provide it to the store owner within 30 days.

Erasure (customers/redact): We delete order attribution, processed-order records, and correlated storefront events for the orders Shopify specifies.

Shop deletion (shop/redact / uninstall): After uninstall (and per Shopify's shop/redact timing), we delete merchant data associated with that shop from our systems, including OAuth sessions and shop-scoped database rows.

9. Security

We use industry-standard measures including TLS in transit, access controls on production systems, secrets rotation for signing keys, and least-privilege API scopes. No method of transmission or storage is 100% secure; contact us if you believe an account has been compromised.

10. Children

Boon is not directed to children. Merchants must not use Boon to knowingly collect data from children in violation of applicable law.

11. Changes

We may update this policy. We will post the new version at this URL and update the Last updated date. Material changes may be communicated through the app or email where appropriate.

12. Contact

silverspark.ai

Near Kopar Station, RajajiPath Bingoprabhat 2, Dombivali, Kalyan, Thane 421201, Maharashtra, India

Email: info@silverspark.ai

Privacy inquiries: info@silverspark.ai