Fundas.ai / RiseIQ

Effective Date: March 17, 2026

Last Updated: March 17, 2026

Applies to: RiseIQ Shopify App (cloud) · RiseIQ Enterprise (self-hosted)

1. Introduction

Fundas.ai ("Fundas", "we", "our", or "us") operates RiseIQ, an AI-powered customer intelligence platform. RiseIQ is available as a Shopify App (cloud-hosted by Fundas on Railway) and as a self-hosted Enterprise product that clients install within their own infrastructure. This Privacy Policy explains how we collect, use, protect, and delete information across both deployment models.

We are committed to protecting the privacy of merchants, their end customers, and enterprise clients. Please read this policy carefully before using RiseIQ.

2. Scope — Two Deployment Models

2.1 RiseIQ for Shopify (Cloud-Hosted)

The RiseIQ Shopify App is listed on the Shopify App Store and hosted by Fundas.ai on Railway cloud infrastructure in the United States. Merchants install the app from the App Store and grant RiseIQ access to their Shopify store data via OAuth 2.0. In this model, Fundas processes merchant data on its own infrastructure.

2.2 RiseIQ Enterprise (Self-Hosted / VPC)

The RiseIQ Enterprise product is a Python/Streamlit application that clients deploy and run entirely within their own infrastructure — Virtual Private Cloud (VPC), on-premise server, or a managed cloud environment they control. In this model, Fundas.ai does not host, transmit, store, or have any access to client or customer data. All processing occurs exclusively within the client's own environment.

3. Information We Collect

3.1 Shopify App — Data We Receive from Shopify

When a merchant installs RiseIQ, Shopify's API provides the following data, which we process to deliver the service:

Order and Transaction Data

Order IDs, order numbers, and order creation dates
Line item details: product IDs, variant IDs, SKUs, quantities, and revenue amounts
Customer IDs (Shopify's internal numeric identifiers — not names or contact details)
Order status, fulfillment status, and channel information

Product Catalogue Data

Product titles, handles, variant IDs, and option names (e.g., Size, Color)
Product image URLs (hosted on Shopify's CDN — we do not copy or store images)
Variant prices and inventory levels

Shop Configuration Data

Store domain (e.g., yourstore.myshopify.com)
Store owner email address — used only for pipeline completion notifications
Shopify OAuth access token — encrypted at rest; used to call Shopify APIs

What We Do NOT Collect

Customer names, email addresses, phone numbers, or mailing addresses
Customer payment information, credit card data, or financial details
Customer browsing behavior, session data, or cookies
Any data from third-party apps, ERP systems, or platforms beyond Shopify

3.2 Enterprise (Self-Hosted) — Data Fundas Collects

Fundas.ai collects NO data from self-hosted enterprise deployments. The application runs entirely inside the client's own environment. Fundas may hold the following limited information through the licensing and support relationship only:

Licensee contact information (name, work email, company name) provided during contract execution
Support correspondence submitted to hello@fundas.ai

No telemetry, usage analytics, model data, or any information from the enterprise application is transmitted to Fundas.ai.

4. How We Use Information

4.1 Shopify App — Permitted Uses

We use merchant data exclusively to deliver and improve the RiseIQ service:

Training per-merchant machine learning models for customer lifetime value (CLTV) prediction, churn risk scoring, and purchase pattern analysis
Generating personalized product recommendations: upsell, cross-sell, frequently bought together bundles, and reorder reminders
Writing AI-generated insights back to Shopify as customer and product metafields for use in storefronts and marketing tools
Sending pipeline completion notifications to the store owner email
Diagnosing technical issues when requested by the merchant

We do not use merchant or customer data for:

Advertising, data brokering, or any commercial purpose unrelated to RiseIQ
Training shared or cross-merchant models — each merchant's models are trained solely on their own data
Profiling or tracking individual customers beyond what is necessary for the service

4.2 Enterprise

Fundas.ai does not use, access, view, or process any data from self-hosted enterprise deployments.

5. Data Storage and Security

5.1 Shopify App

Infrastructure: Railway cloud (United States), SOC 2 Type II compliant
Token encryption: Shopify OAuth access tokens are encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256)
Pipeline data: CSV exports and ML model artefacts are stored on isolated Railway volumes accessible only to the RiseIQ application process
Database: PostgreSQL stores shop configuration only. Raw order and customer data is not persisted after pipeline processing completes
Transit security: All API calls and data transfers use TLS 1.2 or higher
Access controls: Production infrastructure access is restricted to authorized Fundas engineers only

5.2 Enterprise

All data storage and security is entirely the responsibility of the client. Fundas.ai provides the application software but has no visibility into or control over the client's data storage, access controls, or security practices. Clients are responsible for ensuring their deployment meets applicable regulatory requirements (GDPR, CCPA, HIPAA, SOC 2, etc.).

6. Data Retention and Deletion

6.1 Shopify App

Active subscriptions: Data is retained for the duration of the app subscription and for 30 days following cancellation
Uninstall: When a merchant uninstalls RiseIQ, the OAuth token is immediately revoked. All pipeline data (CSV files, ML models) is deleted from Railway volumes within 48 hours of receiving Shopify's shop/redact webhook
Customer data requests: RiseIQ does not store customer PII. We acknowledge all Shopify GDPR webhooks within the required timeframe. Because we hold only anonymized customer IDs embedded in aggregate ML models, there is no customer-level record to retrieve or delete
Merchant-requested deletion: Email hello@fundas.ai with subject "Data Deletion Request" for immediate deletion of all data associated with your store

6.2 Enterprise

Data retention is governed entirely by the client's own policies. Fundas.ai retains no client data.

7. GDPR and Shopify Compliance Webhooks

As a Shopify App Store listed application, RiseIQ implements all mandatory Shopify compliance webhooks. These are required by Shopify for all public apps and support merchants' GDPR and CCPA obligations.

customers/data_request

When Shopify notifies us that a customer has requested their data, we acknowledge the request. RiseIQ processes only Shopify's internal numeric customer IDs — not names, emails, or contact details. There is no customer-identifiable record to retrieve or export.

customers/redact

When Shopify requests erasure of a customer's data, we acknowledge and confirm. RiseIQ does not store personally identifiable customer records. Customer IDs are embedded in ML model weights as aggregated statistical patterns and cannot be individually extracted by design.

shop/redact

Received 48 hours after a merchant uninstalls the app. Upon receipt, we permanently and irrecoverably delete: the shop's database record (including the encrypted OAuth token), all pipeline data on the Railway volume (CSV files, ML model artefacts), and all configuration associated with the shop.

8. Sharing and Disclosure

Fundas.ai does not sell, rent, licence, or share merchant or customer data with third parties, with the following narrow exceptions:

Infrastructure provider: Railway processes data solely to provide hosting services under their Data Processing Agreement
Legal requirements: We may disclose information if required by applicable law, court order, or regulatory authority
Business transfers: In the event of a merger, acquisition, or asset sale, data may transfer as part of the transaction, subject to the successor entity providing equivalent privacy protections

We do not share data with advertising networks, analytics vendors, or data brokers.

9. Merchant Rights (Shopify App)

Merchants using the RiseIQ Shopify App have the following rights regarding their data:

Right to access: Request a description of the data associated with your store
Right to deletion: Request immediate deletion of all store data at any time
Right to portability: Request an export of your pipeline data
Right to restrict processing: Uninstall the app at any time to immediately stop all processing
Right to object: Contact us to object to any specific use of your store's data

To exercise any right, email hello@fundas.ai with subject "Privacy Request — [your shop domain]". We will respond within 30 days.

10. Cookies and Tracking

Shopify App

RiseIQ runs as an embedded app inside the Shopify admin interface. We do not use third-party analytics cookies or tracking pixels. Authentication uses Shopify App Bridge session tokens — short-lived cryptographic tokens that expire after each session and are not stored persistently.

Enterprise App

The Streamlit-based enterprise application uses server-side session state managed by Streamlit's runtime. No external analytics, tracking cookies, or telemetry is used.

Website (fundas.ai)

Our website may use standard analytics tools. You can opt out using browser privacy settings. We do not use advertising cookies.

11. International Data Transfers

For Shopify App users, data is processed and stored on Railway infrastructure located in the United States. If you are located in the European Economic Area (EEA), United Kingdom, Switzerland, or other jurisdictions with data transfer restrictions, your data will be transferred to the US for processing.

We rely on Shopify's data processing framework and standard contractual clauses as the legal basis for international transfers of merchant data. By installing RiseIQ from the Shopify App Store, you acknowledge and consent to this transfer.

12. Children's Privacy

RiseIQ is a business-to-business (B2B) service for Shopify merchants and enterprise clients. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact hello@fundas.ai immediately.

13. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the Effective Date at the top of this document, post the updated policy at fundas.ai/privacy, and for Shopify App users, display a notice within the app. Continued use of RiseIQ after changes take effect constitutes your acceptance of the revised policy.

14. Contact

Company: Fundas.ai

Email: hello@fundas.ai

Website: https://www.fundas.ai

Privacy requests: hello@fundas.ai — Subject: Privacy Request — [your shop domain]

We aim to respond to all privacy-related enquiries within 30 calendar days.