Privacy Policy - Lasso App

Last updated: May 2026

1. Introduction

Lasso App ("we," "our," or "us") is a Shopify application that provides conversational store management capabilities. This Privacy Policy explains how we collect, use, and protect your information when you use our app.

2. Information We Collect

2.1 Shopify Store Data

When you install our app, we access and process the following data from your Shopify store:

  • Products: Product titles, descriptions, prices, inventory levels, variants, images, and metadata
  • Collections: Collection names, descriptions, and product associations
  • Metafields: Custom metafield data associated with products
  • Shop Information: Store name, domain, and basic configuration

2.2 Chat and Usage Data

  • Chat Messages: Conversations you have with our AI assistant
  • Project Data: Product management projects and pending updates you create
  • Usage Analytics: How you interact with the app (anonymized)
  • Session Data: Authentication and session management information

3. How We Use Your Information

We use your information solely to provide and improve our service:

  • Process your conversational requests to manage your store
  • Execute product updates, inventory changes, and other store operations
  • Maintain project history and pending updates
  • Provide customer support and troubleshooting
  • Review chat interactions internally to debug issues, identify feature gaps, and improve the Lasso product. Authorized DataWranglers staff may access stored chat transcripts for this purpose; obvious personal identifiers (email addresses, phone numbers) are masked in our admin viewing tools. Merchants can disable this access at any time from the Lasso Settings page ("Help improve Lasso by allowing chat review" toggle); when disabled, your shop is excluded from every admin chat-viewing tool. We do NOT use chat transcripts to train any AI model, and if we ever wanted to we would require explicit, opt-in consent from the merchant
  • Generate AI-assisted content on your behalf — SEO meta titles and descriptions, image alt text, and Shopify Standard Product Taxonomy category suggestions — using Anthropic's Claude API. Lasso does not train its own AI models, and Anthropic does not train on our API inputs
  • Comply with legal obligations and Shopify's requirements

4. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information. We may share data only in these limited circumstances:

Anthropic (Claude) Processing

Chat messages, product management commands, and product catalog data (titles, descriptions, vendors, types, tags, and product image URLs) are processed by Anthropic's Claude API to understand your natural language requests and generate AI-assisted content such as SEO meta titles, SEO meta descriptions, image alt text, and product taxonomy suggestions. Image alt-text generation uses Claude's vision capabilities, which means product image URLs are sent to Anthropic so Claude can describe what each image shows. This data is subject to Anthropic's privacy policy and Commercial Terms. We implement the following safeguards:

  • Usage limits enforced per plan to prevent abuse
  • We send only the specific chat message content, relevant product catalog data, and product image URLs needed for the requested feature
  • We use Claude for natural language understanding, agentic tool execution, and AI-assisted content generation (SEO meta fields, image alt text, category suggestions)
  • No personal customer data or order information is included in AI requests. Product images are merchant catalog content already displayed publicly on the storefront — they are not customer or personal data
  • Per Anthropic's Commercial Terms, API inputs and outputs are not used to train Anthropic's models. Anthropic retains API data only for short periods needed for abuse monitoring and service operation

Sentry (Error Monitoring)

We use Sentry (Functional Software, Inc.) to capture application error reports and diagnostic information when something goes wrong inside the app. This helps us identify and fix bugs quickly. Sentry receives:

  • Error messages and stack traces from server-side and client-side exceptions
  • The URL of the page where the error occurred (which contains your Shopify store domain)
  • HTTP status codes, environment tag (production / dev), and the app release version

We do NOT ship the following to Sentry:

  • Cookies, IP addresses, request bodies, or request headers (disabled by default via the SDK's sendDefaultPii: false setting)
  • Customer emails, phone numbers, or Shopify customer IDs. These are scrubbed from error payloads before transmission via an additional filtering pass on top of Sentry's defaults.
  • Shopify: As required for app functionality within Shopify's ecosystem
  • Service Providers: Trusted third-party services that help us operate the app (under strict confidentiality agreements)
  • Legal Requirements: When required by law or to protect our rights

5. Cookie Policy

We use cookies and similar technologies to enhance your experience with our app:

  • Essential Cookies: Required for authentication and session management
  • Analytics Cookies: Help us understand how you use the app (anonymized)
  • Preference Cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings, though disabling essential cookies may affect app functionality.

6. Data Security

We implement industry-standard security measures:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure database storage with access controls
  • Regular security audits and updates
  • Limited employee access on a need-to-know basis

7. Data Retention

We retain your data only as long as necessary:

  • Store Data: While the app is installed. All projects, pending changes, apply history, chat messages, and session records are deleted immediately upon uninstall via Shopify's app/uninstalled webhook — no 30-day retention window.
  • Chat Messages: Individual chat messages older than 90 days are automatically deleted by a daily background job, even while the app is still installed. This caps the window in which any conversational data is retained for support and product- improvement review.
  • Chat History: For 12 months or until you request deletion
  • Compliance Logs: As required by law (typically 7 years)

8. Your Rights & Data Deletion Process

You have the right to:

  • Access: Request a copy of your data we hold
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of your data (subject to legal requirements)
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain types of data processing

Data Deletion Process

To request deletion of your data, you can:

  1. 1.Uninstall the Lasso app from your Shopify store — all store data is deleted immediately
  2. 2.Contact us at support@lassoyourdata.com for immediate deletion
  3. 3.Use the data deletion feature within the Lasso app settings

We will confirm your deletion request within 48 hours and complete the process within 30 days.

Note on error monitoring data: Error events captured by Sentry are scrubbed of personally-identifying data before transmission, but any residual diagnostic events referencing your shop will age out of Sentry within 30 days per Sentry's default retention policy.

9. GDPR Compliance

For users in the European Union, we comply with GDPR requirements:

  • Lawful basis for processing: Legitimate interest and contract performance
  • Automated data subject request handling: Streamlined process for your rights
  • Right to be forgotten implementation: Complete data erasure upon request
  • Data protection impact assessments: Regular privacy risk evaluations

10. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

Email
support@lassoyourdata.com
Support
Via the Lasso App support channel in your Shopify admin
Company
Lasso
AI-Powered Shopify Management

11. Children's Privacy

Our app is not intended for users under 16. We do not knowingly collect personal information from children under 16.

12. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place for such transfers.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the app interface.

14. Shopify-Specific Information

This app operates within Shopify's ecosystem and is subject to Shopify's Privacy Policy. We comply with Shopify's App Store requirements and data handling guidelines.

Cart

Your cart is empty

Add some items to get started