Privacy Policy for Franko.ai

Effective Date: 08/02/2026

Welcome to Franko.ai, an AI-powered NPS and customer feedback platform that integrates with Shopify and Klaviyo. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our service. By using Franko.ai, you agree to the terms outlined in this policy.

1. Information We Collect

1.1 Merchant Information

When you sign up and connect your Shopify store, we collect:

• Your email address, name, and business name
• Shopify store domain, store name, and store owner contact details
• Store address (used for CAN-SPAM compliance in email footers)
• Brand assets (logo, colours, fonts) from your Shopify theme

1.2 Customer Information

When orders are placed in your Shopify store, we receive and store:

• Customer name and email address
• Order details (order number, total, products purchased, dates)
• Marketing consent status

1.3 NPS Survey Response Data

When customers complete an NPS survey via our chat interface, we collect:

• NPS score and survey responses
• Full conversation transcript
• Name and email (pre-filled from the invite or provided by the customer)

1.4 Automatically Collected Data

• IP address for rate limiting purposes (not stored long-term)

We do not collect sensitive data such as health or financial information.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the NPS survey and customer feedback service
• Schedule and send NPS survey invitations via Klaviyo on your behalf
• Generate analytics dashboards including NPS scores, sentiment analysis, and customer feedback trends
• Classify and categorise feedback using AI to identify common themes, problems, and outcomes
• Improve our service and user experience
• Communicate with you about your account

3. Automated Processing

We use AI (powered by Anthropic and OpenAI) to automatically process survey responses for:

• Sentiment analysis (positive, neutral, negative)
• Customer persona classification
• Product-market fit categorisation
• Extraction of key themes, friction points, and positive outcomes

These classifications are used for analytics purposes only and do not have legal or significant effects on customers.

4. Data Storage and Security

• Database: Your data is stored in PostgreSQL databases hosted by Supabase, which provides encryption at rest (AES-256) and holds SOC 2 Type II certification.
• Encryption in transit: All data transmitted between your browser, our servers, and third-party services uses TLS/SSL encryption.
• Token encryption: Shopify and Klaviyo access tokens are encrypted using AES-256-GCM before storage.
• Backups: Supabase provides automated encrypted daily backups with point-in-time recovery.
• Hosting: Our application is hosted on Vercel, which holds SOC 2 Type II certification.

5. Sharing of Information

We share your information with the following third-party service providers, solely for the purpose of operating our service:

• Shopify: We receive order and customer data via the Shopify API and webhooks. See Shopify's privacy policy.
• Klaviyo: We send NPS survey invitations via Klaviyo on your behalf, including customer email, name, and order context. See Klaviyo's privacy notice.
• Stripe: Payment processing for direct subscriptions. See Stripe's privacy policy.
• Vercel: Application hosting. See Vercel's privacy policy.
• Clerk: User authentication. See Clerk's privacy policy.
• Supabase: Database hosting. See Supabase's privacy policy.
• Anthropic & OpenAI: AI processing for survey response analysis. Conversation data is sent for classification and extraction. See their respective privacy policies.

We do not sell personal data to third parties.

6. Your Rights

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Request a copy of your data in a portable format
• Object to automated processing of your information

To exercise these rights, please email us at fletcher@franko.ai. We will respond within 30 days.

For customers whose data is held on behalf of a Shopify merchant, please contact the merchant directly. When merchants request customer data deletion through Shopify, we automatically anonymise the associated data in our systems.

7. Data Retention

• Merchant data: We retain your data for as long as your account is active. If you uninstall the Shopify app, we deactivate your connection and cancel pending survey invitations. Associated data is retained for a reasonable period to support reinstallation and data export requests.
• Customer data: Customer data is retained for as long as the merchant's account is active. When we receive a data deletion request via Shopify's compliance webhooks, we anonymise the customer's personal information while preserving aggregated, non-identifiable analytics data.
• Account deletion: If you delete your account, we will delete your data within a reasonable period or sooner upon request.

8. Data Transfers

Your data may be processed in countries outside your jurisdiction, including the United States and Australia. Our service providers (Supabase, Vercel, Clerk) maintain appropriate safeguards for international data transfers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the effective date. For significant changes, we will notify you via email.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at fletcher@franko.ai.