Privacy Policy
Last Updated: January 7, 2026
This Privacy Policy explains how AfterHours AI, Inc. (“AfterHours,” “ShopDucky,” “we,” “us,” or “our”) collects, uses, and shares information when you use our website, applications, and services (collectively, the “Platform”). The Platform provides AI-powered tools that help ecommerce merchants automate and assist with operations and customer support workflows (for example, generating responses, drafting and organizing case/dispute materials, and syncing information across connected systems).
Capitalized terms not defined here have the meaning given to them in our Terms of Service.
1) Scope and roles (Merchant data vs. customer data)
ShopDucky is primarily a business-to-business service. When a merchant connects ShopDucky to third-party services (like Shopify or a helpdesk), we may process information about that merchant’s customers and orders (“Customer Data”) on the merchant’s behalf to provide the Platform. In this context, the merchant is typically the “business” (or controller) and we are a “service provider” / processor, depending on the law and the relationship.
If you are a customer of a merchant using ShopDucky and have questions about how that merchant uses your data, contact the merchant directly.
2) Information we collect
A. Information you provide to us
We collect information you choose to provide, including:
-
Account information (name, email, password, organization/company name, role).
-
Billing information (billing contact details and payment method details handled by our payment processor, such as Stripe; we typically receive limited billing metadata, not full card numbers).
-
Support and communications (messages you send us, feedback, requests, and other correspondence).
-
Inputs and configuration you provide to run automations (e.g., business rules, workflow settings, templates, instructions, and content you submit for processing through the Platform).
-
Files and documents you upload (e.g., supporting materials for operational workflows, customer support cases, disputes, or chargebacks), if you use such features.
B. Information we obtain from connected third-party services (integrations)
If you connect the Platform to third-party services, we may collect and process information from those services as authorized by you and the integration’s permissions. This may include:
-
Shopify / ecommerce platform data (store information, products, orders, fulfillment/shipping status, refunds/returns, customer contact details, and related metadata).
-
Customer support systems (tickets, message threads, tags, macros, internal notes, and related customer contact information).
-
Payments and dispute systems (transaction metadata, dispute/chargeback statuses, reason codes, evidence documents, timelines, and outcome details), when you connect such systems.
-
Other tools you connect (CRM, email, spreadsheets, analytics, logistics tools), to the extent you enable them.
C. Information we collect automatically
When you use the Platform, we collect:
-
Usage and log data (feature usage, pages viewed, timestamps, performance metrics, error logs).
-
Device and network data (IP address, browser type, device identifiers, operating system, approximate location derived from IP, language settings).
-
Cookies and similar technologies (see “Cookies” below).
D. Sensitive information
We do not require you to provide sensitive personal information (e.g., government IDs, biometric identifiers) to use the Platform. Please do not upload sensitive data unless you have a specific need and appropriate rights/permissions.
3) Cookies
We use cookies and similar technologies to:
-
authenticate sessions,
-
keep you logged in,
-
remember preferences,
-
understand usage and improve performance,
-
prevent fraud and abuse,
-
measure marketing site performance.
You can control cookies through your browser settings. Disabling cookies may limit some Platform features.
4) How we use information
We use information to:
-
Provide and operate the Platform, including running automations and generating outputs based on your inputs and connected data.
-
Maintain integrations you enable (syncing data, executing workflows, and displaying information from connected services).
-
Process payments, manage subscriptions, and prevent fraud.
-
Provide support and respond to inquiries.
-
Improve and develop features, including debugging, analytics, and testing.
-
Secure the Platform, detect abuse, and enforce our Terms and policies.
-
Send service communications (e.g., security notices, billing notices, product updates). If you opt in, we may send marketing emails.
AI processing
The Platform may use AI models to generate suggestions, drafts, classifications, summaries, and other outputs. You control what you submit and what you connect. You are responsible for reviewing outputs before using them (e.g., sending messages, submitting disputes, or making operational decisions).
Model training. We may use Customer Data and other content processed through the Platform to improve and train our models and systems. When we do so, we take steps to de-identify the data by stripping or masking personal and business information (such as names, email addresses, phone numbers, and other direct identifiers) and by limiting or removing information that could reasonably be used to identify an individual, business or any sensitive business related information. We do not attempt to re-identify de-identified data except as permitted by law.
5) How we share information
We share information only as needed to run the Platform:
A. Service providers
We share information with vendors that help us operate, such as:
-
cloud hosting and infrastructure providers,
-
database and storage providers,
-
analytics and monitoring providers,
-
customer support tooling,
-
email/SMS delivery providers,
-
payment processors (e.g., Stripe),
-
AI service providers used to generate outputs (subject to your configuration and the provider’s processing).
These providers are authorized to process information only to provide services to us and must protect it.
B. Integration partners, at your direction
When you connect third-party services, we share and receive data with those services as directed by you through the integration (e.g., sending a drafted response to your helpdesk, syncing case status, exporting evidence).
C. Legal, safety, and compliance
We may disclose information if we believe disclosure is necessary to:
-
comply with law or legal process,
-
protect rights, safety, and security of ShopDucky, users, or the public,
-
investigate fraud, abuse, or security issues.
D. Business transfers
If we’re involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction.
E. Aggregated / de-identified information
We may use and share aggregated or de-identified data that cannot reasonably identify you.
We do not sell personal information. We do not run an ad network based on your Customer Data.
6) Data retention
We retain information for as long as necessary to provide the Platform, comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion of your account and associated data, subject to legal and operational retention needs.
7) Your rights and choices
Depending on where you live, you may have rights to:
-
access information we hold about you,
-
correct inaccurate information,
-
delete information,
-
export certain information,
-
opt out of certain processing (where applicable).
To submit a request, contact us using the details in the “Contact” section. We may verify your request (for example, by confirming access to the account email).
Marketing preferences
You can opt out of marketing emails via the unsubscribe link. Service/transactional messages (billing, security, account notices) may still be sent.
8) Security
We use reasonable administrative, technical, and physical safeguards designed to protect information. No method of transmission or storage is 100% secure.
9) International transfers
We may process and store information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.
10) Children
The Platform is not intended for children. You must be at least 18 to create an account.
11) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will update the “Last Updated” date and post the revised policy.
12) Contact
AfterHours AI, Inc. (ShopDucky)
Attn: Privacy / Legal
Mailing Address: 2261 Market St, STE 85717, San Francisco, CA 94114
Email: support@shopducky.com