Privacy Notice
How we handle your data with care and transparency.
Introduction
This Privacy Notice explains how Storita.ai processes personal data when acting as a data controller. It applies to visitors, account holders, and business contacts using the Storita.ai website and services.
Personal Data We Collect
Account & Business Information
- Name
- Email address
- Company name
- Account identifiers
Storita.ai does not store payment card data.
Data Processed on Behalf of Customers
When merchants connect Storita.ai to third-party platforms (e.g. WooCommerce, GA4), Storita.ai processes data under customer instructions, including:
- Order data
- Product data
- Customer names and emails
- IP addresses
- Behavioral analytics
Storita.ai does not knowingly process children’s data.
Technical & Usage Data
- IP addresses
- API request metadata
- Error and performance logs
- Usage analytics per user and tenant
Logs may contain limited personal data and are retained for operational and security purposes only.
How We Use Personal Data
Personal data is used to:
- Provide and operate the Storita.ai service
- Authenticate users and manage accounts
- Generate analytics and AI-driven insights
- Maintain platform security and reliability
- Comply with legal obligations
AI Processing
AI-powered analysis is an essential feature of Storita.ai.
- Customer data, including data obtained via Google APIs (such as Gmail, Google Drive, and Google Sheets), is shared with the following third-party AI providers for processing: Anthropic, OpenAI, and Google Gemini
- These providers' commercial API terms prohibit using customer API data to train or improve their generalized AI models. Storita.ai has not opted in to any such training programs
- Prompts and responses are stored for functionality and observability
- Customer data is not used to train foundation AI models
Users cannot opt out of AI processing while continuing to use the service.
Legal Bases for Processing
Processing is based on:
- Contractual necessity
- Legitimate interests (service improvement and security)
- Legal obligations
Data Sharing
Data may be shared with trusted subprocessors strictly for service delivery purposes. Storita.ai does not sell personal data.
Data Security
Storita.ai implements the following measures to protect personal and sensitive data:
- Encryption in transit: All data transmitted between users, the Storita.ai platform, and third-party services is encrypted using TLS.
- Access controls: Access to production infrastructure is restricted to authorized personnel using SSH key authentication.
- Infrastructure isolation: Each customer's data is logically isolated using tenant-scoped database queries. No cross-tenant data access is possible.
- Third-party AI processing: Store data is sent to Anthropic, OpenAI, and Google Gemini for AI-powered analysis. All transmissions use encrypted channels. Customer data is not used to train AI models, per the commercial API terms of each provider.
- Sub-processor standards: All sub-processors involved in service delivery are required to maintain appropriate data protection standards.
Subprocessors
Storita.ai relies on the following third-party subprocessors to deliver its services:
- Anthropic — AI model provider
- OpenAI — AI model provider
- Google — AI model provider (Gemini)
Self-hosted open-source tools are used for observability and do not transmit data to third parties.
Data Retention
- Account and store data is retained until deletion by the user
- Logs are retained on a rolling basis
- Backups are retained for up to 30 days
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your data
- Request correction or deletion
- Object to processing
Requests can be submitted to: [email protected]
Storita.ai responds within 30 days.
International Transfers
Where applicable, data transfers outside your jurisdiction are governed by Standard Contractual Clauses (SCCs).
Contact
For privacy-related inquiries:
[email protected]