AgentReady

Effective April 30, 2026

AgentReady Privacy Policy

AgentReady ("the App") provides Schema.org JSON-LD generation, AI-agent-readable structured data injection, and an LLMs.txt service ("the Service") to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

Personal Information the App Collects

When you install the App, we are automatically able to access certain types of information from your Shopify account, scoped to what the App needs to do its job:

  • Products (read_products, write_products) — to read your product catalog and write product-level metafields containing the AgentReady JSON your storefront serves.
  • Content (read_content, write_content) — to read your blog posts, articles, and pages, and to write metafields on those resources.
  • Online Store Pages (read_online_store_pages, write_online_store_pages) — to read pages via the dedicated Online Store Pages GraphQL API and write FAQ structured-data metafields.
  • Online Store Navigation (read_online_store_navigation, write_online_store_navigation) — to read your store's primary navigation so we can emit accurate BreadcrumbList JSON-LD.
  • Themes (read_themes) — to verify whether you've enabled our theme app embed (which injects the JSON-LD into your storefront) so we can guide you through the setup if it's off.
  • Legal Policies (read_legal_policies) — to read your store's refund, shipping, privacy, and terms-of-service policy URLs so we can reference them correctly in your storefront's structured data. We never modify these.

Additionally, we collect the following types of personal information from you and/or your customers once you have installed the App:

  • Information about you and others who may access the App on behalf of your store, such as your name, email address, hashed password (if you signed up with email), and an optional Google account identifier (if you signed in with Google). We never store the raw password — only a one-way bcrypt hash used to verify future logins.
  • Store metadata, including your shop's myshopify domain, primary domain, currency, and locale — read once on install and refreshed when you trigger a sync.
  • Sync history and audit results: timestamps of background jobs we ran for your store, the count and status of products / pages / collections we processed, and the readiness scores we computed against your store's structured data. Job history is retained while you use the App and is deleted when you uninstall.
  • AI usage counters: a per-store, per-month integer count of the AI extraction operations you've used (e.g. FAQ generation, recipe extraction). We do not log the AI prompts or responses themselves beyond the cache described below.
  • AI cache: when you use an AI feature, we hash the input content (e.g. the page body we send to an AI provider for FAQ extraction) and store the AI's response keyed by that hash. This avoids re-sending the same content for the same query and lowers your AI quota usage. The cache stores no personally identifying customer information; it stores merchant-facing content (page text, policy text) that is already publicly visible on your storefront.

We collect personal information directly from you, through your Shopify account, or using the following technologies:

  • "Cookies" — we use a single first-party session cookie (better-auth.session) to keep you signed in to the AgentReady dashboard at app.caffeinecommerce.com. We do not use third-party advertising cookies or cross-site tracking technologies. For more information about cookies, and how to disable them, visit allaboutcookies.org.
  • "Log files" — our hosting provider records standard server logs including IP address, browser type, request paths, and timestamps. These logs are used for security, abuse prevention, and operational debugging, and are retained for up to 30 days unless required for legal compliance.

We do not use web beacons, tracking pixels, advertising tags, or third-party analytics scripts on the merchant-facing surfaces of the App.

How Do We Use Your Personal Information?

We use the personal information we collect from you and your store in order to provide the Service and to operate the App. Specifically, we use this personal information to:

  • Authenticate you when you sign in to the AgentReady dashboard.
  • Read product, page, collection, blog post, and policy data from your Shopify store, generate Schema.org JSON-LD and AI-agent-readable JSON, and write that data back to your store's metafields so it appears on your storefront.
  • Send you transactional email about your account, billing, and the App's status (e.g. "first sync complete", "plan upgraded").
  • Aggregate anonymized operational metrics (job durations, error rates, cache hit rates) to monitor and improve the App's reliability.
  • Comply with our legal obligations and enforce our Terms of Service.

We do not use your personal information for advertising, behavioral targeting, or to train any machine-learning model. Your data is used to power the App you installed, and nothing else.

Sharing Your Personal Information

We share your personal information only with the third-party service providers we rely on to operate the App. Each provider has access only to the data they need to perform their function, and is contractually obligated to keep it confidential:

  • Shopify (the platform you installed the App from) — receives the API requests we make to read your store data and write metafields. Shopify's privacy practices are described at shopify.com/legal/privacy.
  • Vercel (United States) — hosts the AgentReady web application and processes incoming HTTP requests. See vercel.com/legal/privacy-policy.
  • Neon (United States) — hosts the Postgres database where your account record, store record, and operational data are stored. See neon.com/privacy-policy.
  • Inngest (United States) — runs our background job queue (product sync, content sync, audit). Receives job payloads which may include Shopify resource IDs and short metadata strings (handles, titles). See inngest.com/privacy.
  • Resend (United States) — delivers transactional email (welcome, receipt, status notifications). Receives your email address and the message body. See resend.com/legal/privacy-policy.
  • xAI / Anthropic / OpenAI — when, and only when, you use an AI feature (e.g. FAQ generation, recipe extraction, policy summarization), we send the relevant content snippet (page body, article body, policy text) to one of these providers and receive a structured response. We never send customer PII to these providers — only content you have already published or are about to publish on your storefront. AI features are paid-plan-only; free-plan stores never trigger calls to these providers. See:

We do not sell, rent, or trade your personal information to any other party. We may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or to otherwise protect our rights.

Behavioural Advertising

AgentReady does not use your personal information for behavioral advertising or targeted marketing, and we do not share your data with any advertising network. There is therefore nothing to opt out of in this regard.

Your Rights

If you are a European resident (or a resident of any jurisdiction granting similar rights, including the United Kingdom, California, and Canada), you have the right to access personal information we hold about you, and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (specifically, the App services you have installed and use), or otherwise to pursue our legitimate business interests listed above. Please note that your information will be transferred outside of Europe, including to Canada and the United States, where our hosting and AI providers operate.

Data Retention

We retain your account record, store record, and operational data for as long as your account is active. When you uninstall the App from your Shopify store, the GDPR-compliance webhooks Shopify sends us (app/uninstalled, customers/data_request, customers/redact, shop/redact) trigger our deletion routines: we revoke our access token, mark the store as uninstalled, and within 30 days delete the associated job history, sync records, and AI cache entries. You may also delete your AgentReady account at any time by emailing us at the address below.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. The "Effective" date at the top of this page indicates when the policy was last revised. Material changes will be communicated to active App users via email.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at hello@caffeinecommerce.com.

AgentReady is operated by CaffeineCommerce. Mailing address available on request to the email above.