Privacy Policy

Last updated: March 16, 2026

GAGA AI ("we", "our", or "us") operates the gaga-ai.io website and the GAGA AI platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.

1. Information We Collect

Account Information

When you create a GAGA AI account, we collect your email address and password. We use this information to authenticate you and manage your account.

Store Data

When you connect your e-commerce store (e.g., Shopify), we import and store your product catalog (titles, descriptions, prices, images, URLs), store policies (refund, shipping, privacy, terms of service), and basic store information (store name, domain). This data is used to power the AI customer support widget on your storefront.

Customer Conversations

When visitors to your storefront use the GAGA AI chat widget, we collect and store the messages exchanged between the visitor and the AI assistant. These conversations are associated with your store and accessible from your dashboard.

Usage Data

We track the number of messages processed, AI token usage, and associated costs for billing and analytics purposes. This data is aggregated at the store level and visible in your dashboard.

2. How We Use Your Data

  • AI Processing: Your store data (products, policies, FAQs) is sent to our AI provider to generate responses to customer questions. We currently use Google Gemini for AI processing.
  • Service Delivery: To operate the chat widget on your storefront and provide accurate, store-specific customer support.
  • Analytics: To provide you with conversation analytics, usage statistics, and performance insights through your dashboard.
  • Billing: To track your usage against your plan limits and process subscription payments.
  • Service Improvement: To improve the quality and reliability of our platform. We do not use your data to train AI models.

3. Third-Party Services

We use the following third-party services to operate GAGA AI:

  • Google Gemini (AI Provider): Customer messages and your store context are sent to Google's Gemini API to generate AI responses. Google's data usage policies apply to data processed through their paid API tier, which does not use your data for model training.
  • Supabase (Database & Auth): We use Supabase to store your account data, store information, conversations, and usage logs. Supabase provides our authentication system.
  • Vercel (Hosting): Our application is hosted on Vercel. Vercel may collect standard server logs including IP addresses and request metadata.
  • Shopify (Integration): We connect to Shopify via their OAuth API to import your store data. We only request the permissions necessary to read your products, policies, and manage script tags.

4. Data Retention and Deletion

We retain your data for as long as your account is active. When you delete your account or disconnect your store, we delete all associated data (products, policies, conversations, usage logs) within 30 days. You can request immediate data deletion by contacting us at support@gaga-ai.io.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data and account.
  • Export: Request a portable copy of your data.
  • Opt-Out: You can disconnect your store or disable the chat widget at any time from your dashboard.

To exercise any of these rights, contact us at support@gaga-ai.io. We will respond within 30 days.

6. Cookies

We use essential cookies only. Our authentication system (Supabase Auth) uses secure, HTTP-only session cookies to keep you logged in. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

7. Data Security

We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), secure authentication with hashed passwords, access controls on database resources, and HMAC verification for webhook data integrity. However, no method of electronic transmission or storage is 100% secure.

8. Children's Privacy

GAGA AI is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@gaga-ai.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

support@gaga-ai.io