Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how Voice Nimble ("Voice Nimble", "we", "us") collects, uses, shares, and protects information in connection with the Voice Nimble application (the "App") for Shopify. Voice Nimble provides an AI-powered voice agent that places and answers phone calls on behalf of a Shopify merchant ("Merchant", "you"). By installing or using the App, you agree to this Policy.

1. Who is responsible for your data

For data the App processes about a Merchant's own end customers, the Merchant is the data controller and Voice Nimble acts as a data processor, processing that data only to provide the App's functionality and on the Merchant's instructions. For Merchant account information, Voice Nimble is the controller.

2. Information we collect

2.1 Collected when you install the App

When you install Voice Nimble on your Shopify store, we collect the following information from Shopify through the secure OAuth installation flow, so the App can connect to your store:

Store name — your shop's display name;
Store email — the primary contact email address on your Shopify account;
Store URL / domain — your .myshopify.com domain (and custom domain, if configured);
Shop ID — Shopify's unique numeric identifier for your store;
Access scopes — the permissions you grant on install: read_products, read_orders, read_customers;
Access token — the Shopify Admin API token issued to the App at install. It is stored encrypted at rest (AES-256-GCM) and used only to call the Shopify Admin API on your behalf;
Online store product data — your product catalog (and, via the scopes above, order and customer contact details) read through the Shopify Admin API to personalize and place calls.

2.2 Collected while you use the App

Category	Examples	Source
Online store data	Products, orders, and customer contact details (name, phone, email) accessed via the `read_products`, `read_orders`, and `read_customers` scopes.	Shopify Admin API (with your authorization)
Call data	Caller and called phone numbers, call timestamps and duration, call status, AI/caller transcripts, and — only when you connect your own cloud storage and enable it — call recordings.	Generated when the AI agent places or answers a call
Account & billing data	Subscription plan, status, and usage (minutes used). Payment itself is handled by Shopify; we do not receive or store card details.	You / Shopify Billing
Configuration	Agent settings, greetings, templates, knowledge base, phone/SIP connection details, and (encrypted) credentials for any cloud storage bucket you connect.	You

2.3 How it is stored

All data is transmitted over TLS/HTTPS and stored on access-controlled cloud infrastructure. Secrets — your Shopify access token and any cloud-storage credentials you provide — are additionally encrypted at rest with AES-256-GCM. We practice data minimization: we request only the data the App needs to function, and we process customer personal data solely to deliver the calling features you configure.

3. How we use information

To place and answer phone calls through your configured telephony connection;
To personalize calls (e.g. greeting a customer by name or referencing an order);
To transcribe calls and, where enabled, record them to your storage bucket;
To show call history, transcripts, and analytics in the App;
To operate, secure, support, and improve the App and enforce our Terms.

We do not sell personal information.

4. Subprocessors

To deliver the service we share the minimum necessary data with the following categories of service providers, each bound to process it only on our behalf:

Telephony / call routing — to connect calls and stream audio;
Speech-to-text (e.g. Google Cloud, Microsoft Azure) — to transcribe speech;
Text-to-speech (e.g. Google, Microsoft, ElevenLabs, OpenAI) — to generate the agent's voice;
AI language model (Anthropic Claude) — to understand and respond during calls;
Cloud hosting & database — to run the App and store configuration and call metadata;
Your own cloud storage (Amazon S3, DigitalOcean Spaces, or Google Cloud Storage) — call recordings are written to the bucket you connect and remain under your control.

5. Call recording & consent

Call recording is optional and is only active when a Merchant connects their own storage and enables it. Recording and the monitoring of phone calls are regulated by law in many jurisdictions. The Merchant is responsible for providing any legally required notice to, or obtaining consent from, call participants. The App can play a recording-disclosure message at the start of calls to assist with this.

6. Data retention

Call metadata and transcripts are retained for as long as your account is active or as needed to provide the service. Recordings are retained in your storage bucket according to your settings and plan, after which they are deleted. We delete or de-identify personal data on account uninstall and in response to the deletion requests described below.

7. Your rights & Shopify compliance requests

Voice Nimble honors Shopify's mandatory privacy webhooks. When a store owner or customer exercises their rights through Shopify, we respond accordingly:

customers/data_request — we make available the customer data the App holds;
customers/redact — we delete the identified customer's personal data, including related call records, transcripts, and recordings;
shop/redact — 48 hours after uninstall we erase all data associated with the shop.

Depending on your location, you (or your customers, via you) may have rights to access, correct, delete, or restrict processing of personal data. Contact us at the address below to exercise them.

8. Security

Data is encrypted in transit using TLS. Sensitive secrets — including Shopify access tokens and any cloud-storage credentials you provide — are encrypted at rest using AES-256-GCM. Access to production data is restricted to authorized personnel.

9. International transfers

Data may be processed in countries other than where you or your customers are located. Where required, we rely on appropriate safeguards for such transfers.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, by notice within the App.

11. Contact us

Questions or requests regarding this Policy or your data can be sent to support@voicenimble.com.