Privacy Policy
Last updated: April 2, 2026
Maitch Inc. (“Maitch,” “we,” “us”) operates the AI-powered discovery platform available at maitch.ai, fashion.maitch.ai, through embedded widgets on merchant websites, and via the Maitch Shopify app (collectively, the “Service”). This Privacy Policy explains what data we collect, how we use it, and your rights.
1. What We Collect
End-User (Shopper) Data
When you interact with a Maitch-powered search widget or discovery experience, we collect pseudonymous session-level data. We do not require login, and we do not collect your name, email, payment information, or any other directly identifying information.
| Data | Purpose |
|---|---|
| Session ID (random UUID stored in browser localStorage) | Link interactions within a single session |
| Search queries | Provide relevant results and improve search quality |
| Product interactions (clicks, comparisons, ratings) | Learn preferences in real time and improve ranking |
| Widget engagement events (open, close, filter changes) | Product analytics and performance monitoring |
| IP address hash (SHA-256, truncated, non-reversible) | Click fraud detection only |
| Surface and platform identifiers | Distinguish traffic sources (e.g. web, widget, Shopify) |
We do not use cookies. Session IDs are stored in your browser’s localStorage and are never shared with third parties for advertising purposes.
Merchant (Store Owner) Data
When a merchant installs the Maitch Shopify app or integrates directly, we collect:
- Shopify OAuth data — store domain, owner name, and email (required for app operation and billing).
- Product catalog data — titles, descriptions, images, prices, and variants (used to power search and discovery).
- Billing and usage data — plan tier, session counts, and overage charges (for usage-based billing).
2. How We Use Data
- Provide the Service — power AI-driven search, preference learning, and product recommendations.
- Billing — count unique discovery sessions per merchant for usage-based pricing.
- Improve quality — analyze aggregate search patterns to improve ranking, relevance, and the discovery experience.
- Fraud prevention — detect and prevent click fraud using hashed IP addresses.
Merchant analytics dashboards show aggregate data only (e.g. top search queries with counts). No per-session drill-down or individual shopper activity is exposed to merchants.
3. Data Retention
- Event data (searches, clicks, preferences): retained for 12 months, then automatically deleted.
- Merchant account data: retained for as long as the merchant has an active installation. Deleted upon app uninstallation or shop redaction request.
- Product catalog data: synced periodically and removed when a merchant uninstalls.
4. Affiliate Links & Third-Party Networks
Maitch participates in affiliate marketing programs through networks including CJ Affiliate (Commission Junction) and Rakuten Advertising. When you click an affiliate link, those networks may set cookies and collect data in accordance with their own privacy policies. We do not control third-party data collection practices. We may earn a commission on qualifying purchases at no additional cost to you.
5. Data Sharing
We do not sell or rent personal data. We share data only:
- With merchants — aggregate analytics about their store’s discovery performance (never individual shopper data).
- With infrastructure providers — Google Cloud Platform (hosting and database) and Shopify (app billing). These providers process data on our behalf under their own privacy policies.
- With affiliate networks — CJ Affiliate and Rakuten Advertising may collect data via cookies when you click affiliate links.
- When required by law — in response to valid legal process.
6. Shopify App — GDPR Compliance
The Maitch Shopify app fully supports Shopify’s mandatory privacy webhooks:
- Customer data request — we store no direct customer PII, so these requests return an acknowledgment with no data payload.
- Customer data erasure — same as above; no customer PII to erase.
- Shop data erasure — upon receiving this webhook, we delete all billing records, sync jobs, OAuth sessions, and shop records associated with the requesting store.
7. Your Rights
Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:
- Request access to data we hold about you.
- Request deletion of your data.
- Object to or restrict processing of your data.
- Data portability.
Because our shopper data is pseudonymous (keyed to a random session ID with no login), we cannot identify a specific individual from our records without additional information. If you wish to exercise your rights, please contact us and we will work with you to verify your identity and fulfill your request.
8. Security
We use industry-standard measures to protect data, including encrypted connections (TLS), managed database infrastructure on Google Cloud Platform, and hashed IP addresses. Access to production systems is restricted to authorized personnel.
9. Children’s Privacy
The Service is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance.
11. Contact
For privacy-related questions or requests, please contact:
Maitch Inc.
Email: hello@maitch.ai
Incorporated in Delaware, USA