Privacy Policy

LeMay Commerce — The Commerce Operating System

Effective Date: February 1, 2026 · Last Updated: February 26, 2026

1. Introduction

LeMay ("we," "us," or "our"), a corporation organized under the laws of the Commonwealth of Massachusetts and headquartered at Beacon Hill, Boston, operates LeMay Commerce ("the Application"), a Shopify application providing AI-powered commerce operations tools. This Privacy Policy describes how we collect, use, store, and protect information when you install and use LeMay Commerce.

2. Information We Collect

2.1 Shopify Store Data

When you install LeMay Commerce, we access Shopify store data as authorized by the scopes you approve during installation. This includes:

  • Order information (order details, fulfillment status, transaction records)
  • Product catalog data (titles, descriptions, variants, pricing, inventory levels)
  • Customer records (names, email addresses, order history, tags)
  • Store configuration (locations, shipping zones, tax settings)
  • Marketing and discount data (campaigns, discount codes, price rules)
  • Content and theme data (blog posts, pages, theme settings)
  • Analytics data (sales reports, traffic data, conversion metrics)

2.2 Usage Data

We collect information about how you interact with the Application, including:

  • Commands and queries submitted to the natural language interface
  • Tool execution logs (which tools are used, frequency, success/failure rates)
  • Session duration and feature usage patterns
  • Error reports and diagnostic data

2.3 Account Information

We store your Shopify shop domain, access tokens (encrypted), subscription plan, and billing status as necessary to provide the service.

3. How We Use Your Information

We use collected information exclusively to:

  • Provide, operate, and maintain LeMay Commerce services
  • Execute commerce operations you request through natural language commands
  • Process and manage your subscription and billing
  • Improve the accuracy and performance of our AI-powered tools
  • Provide customer support and respond to inquiries
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

We do not sell, rent, or trade your personal data or store data to third parties. We do not use your store data for advertising purposes. We do not share your data with other merchants or Shopify app developers.

4. Data Storage and Security

Your data is stored on servers located in the United States (AWS us-east-1, Virginia). We employ industry-standard security measures including:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all API communications
  • Encrypted access token storage with per-shop encryption keys
  • Role-based access controls for internal systems
  • Regular security audits and penetration testing
  • Automated intrusion detection and monitoring

5. Data Retention

We retain your store data only as long as your LeMay Commerce subscription is active. Upon uninstallation or subscription cancellation:

  • Session data and access tokens are deleted within 24 hours
  • Cached store data is purged within 48 hours
  • Usage logs and analytics are anonymized within 30 days
  • Billing records are retained for 7 years as required by applicable tax law

6. Third-Party Services

LeMay Commerce integrates with the following third-party services:

  • Shopify — Platform provider; governed by Shopify's Privacy Policy
  • AI Partners — Natural language processing for command interpretation; queries are processed without persistent storage of your data
  • Vercel — Application hosting; governed by Vercel's Privacy Policy

We do not transmit raw customer PII (personally identifiable information) to AI providers. Commands are processed with anonymized context where possible.

7. GDPR and International Privacy

For merchants and customers in the European Economic Area (EEA), United Kingdom, or other jurisdictions with comprehensive data protection laws:

  • Legal Basis: We process data based on contractual necessity (providing the service you subscribed to) and legitimate interest (improving the Application)
  • Data Subject Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data
  • Data Processing Agreement: Available upon request for enterprise customers
  • Cross-Border Transfers: Data is transferred to the United States under Standard Contractual Clauses (SCCs)

8. CCPA Compliance

For California residents: We do not sell personal information. You have the right to know what personal information we collect, request deletion, and opt out of any future sale of personal information. To exercise these rights, contact privacy@lemay.app.

9. Children's Privacy

LeMay Commerce is a business-to-business application designed for Shopify merchants. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Continued use of LeMay Commerce after changes constitutes acceptance of the revised policy.

11. Contact

For privacy-related inquiries, data access requests, or complaints: