Privacy Policy
Last updated: 23 June 2026
1. Who we are
Athenix JSC ("Athenix", "we", "us", or "our") operates the Athenix Personalizer application available on the Shopify App Store and the website at athenix.ai. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you install or use our service. Our registered office is in Hanoi, Vietnam.
2. Information we collect
2.1 Shopify store data
When you install Athenix, we access your Shopify store through the Shopify API under the permissions you grant. This includes product catalogue data, order history (aggregated and anonymised for recommendation modelling), and storefront configuration required to render recommendation widgets.
2.2 End-customer behavioural data
We collect anonymised event signals from your store visitors — such as page views, product clicks, add-to-cart actions, and purchases — to power real-time personalisation. We do not collect end-customer names, email addresses, or payment details.
2.3 Account and billing data
We collect the name and email address of the Shopify store owner or authorised team member who installs the app. Billing is processed entirely through Shopify Billing; we do not store payment card information.
2.4 Usage and log data
We automatically collect log data such as IP addresses, browser type, pages visited within our dashboard, and timestamps. This data is used for security monitoring, debugging, and improving the service.
2.5 Cookies and tracking
Our storefront script places a first-party session cookie (atx_sid) to maintain visitor context within a browsing session. We do not use third-party advertising cookies on your storefront.
3. How we use your information
- To deliver, operate, and improve the Athenix personalisation engine.
- To generate product recommendations personalised to each visitor's context.
- To send transactional communications (e.g. onboarding, billing notifications, service alerts).
- To provide customer support when you contact us.
- To comply with legal obligations and enforce our Terms of Service.
- To conduct aggregated, anonymised analytics that improve our algorithms.
We do not sell your data or your customers' data to third parties, and we do not use it to train general-purpose AI models outside of your store's personalisation context.
4. Legal bases for processing (GDPR / UK GDPR)
Where applicable, our legal bases for processing personal data are:
- Contract performance — processing necessary to provide the service you signed up for.
- Legitimate interests — security monitoring, fraud prevention, and service improvement, where these interests are not overridden by your rights.
- Legal obligation — where we are required to process data by law.
- Consent — where you have given explicit consent, which you may withdraw at any time.
5. Data sharing and sub-processors
We share data with a limited set of trusted sub-processors to operate the service. All sub-processors are bound by data processing agreements and provide at least the same level of data protection as we do. Our key sub-processors include:
- Cloud infrastructure provider — for hosting the recommendation engine and dashboard.
- Error tracking and monitoring tools — for diagnosing application errors.
- Transactional email provider — for sending service notifications.
We may also disclose data if required by law, court order, or a valid governmental request, or to protect the rights, property, or safety of Athenix, our merchants, or the public.
6. International data transfers
Athenix is incorporated in the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we do so only to countries with an adequacy decision or under appropriate safeguards (e.g. Standard Contractual Clauses).
7. Data retention
We retain merchant account data for as long as your Athenix account is active and for up to 90 days after uninstallation to allow reinstallation without data loss. Aggregated, anonymised visitor behavioural data used for model training is retained for up to 24 months. Log data is retained for up to 12 months. You may request earlier deletion by contacting us at support@athenix.ai.
8. Your rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — request deletion of your personal data, subject to legal obligations.
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, email us at support@athenix.ai. We will respond within 30 days. If you are in the UK or EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the relevant supervisory authority (in the UK: the Information Commissioner's Office at ico.org.uk).
9. Security
We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and regular security reviews. No method of transmission over the internet is 100% secure; we encourage you to use a strong, unique password for your Shopify account.
10. Children's privacy
Our service is designed for Shopify merchants and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via a prominent notice in the Athenix dashboard at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.
12. Contact us
If you have questions or concerns about this Privacy Policy, please contact our Data Controller at:
Athenix JSC
Hanoi, Vietnam