TamedBack to Home

Privacy Policy

Effective date: April 5, 2026 · Last updated: April 5, 2026

1. Introduction

Tamed (“we,” “us,” or “our”) provides an AI agent platform that helps businesses build internal tools by connecting to third-party services such as Shopify, CRMs, databases, and other integrations (“the Service”). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website at tamed.sh, our application, and any related services.

By installing or using Tamed—including through the Shopify App Store—you agree to the practices described in this policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, organization name, and password when you create an account or join a workspace.
  • Payment information: billing details processed through our third-party payment provider. We do not store full credit card numbers on our servers.
  • Support requests: any information you share when contacting us for help.

2.2 Information from Integrations

When you connect a third-party service (e.g., Shopify, HubSpot, Google Sheets), we access data from those services on your behalf, limited to the scopes you authorize. This may include:

  • Shopify store data: orders, products, customers, inventory, and other store information as permitted by the access scopes you grant during installation.
  • Other integration data: records, contacts, documents, or other data from connected services, limited to what is necessary to perform the actions you configure.

2.3 Automatically Collected Information

  • Usage data: pages visited, features used, agent queries, timestamps, and interaction patterns.
  • Device and browser data: IP address, browser type, operating system, and device identifiers.
  • Cookies and similar technologies: we use cookies, local storage, and similar technologies for authentication, preferences, and analytics.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service.
  • Execute AI agent tasks you configure, such as querying your Shopify store data or generating reports from connected integrations.
  • Authenticate your identity and manage access to your workspace.
  • Process transactions and send related notices (e.g., invoices, confirmations).
  • Respond to support requests and communicate product updates.
  • Monitor and improve the security, performance, and reliability of the Service.
  • Comply with legal obligations and enforce our terms.

We do not sell your personal information. We do not use merchant or customer data from Shopify for advertising, marketing to end customers, or any purpose unrelated to providing the Service.

4. AI Agent Data Handling

Tamed uses AI models to process natural-language queries and perform actions across your connected integrations. When you interact with the AI agent:

  • Your queries and the data retrieved from integrations are processed in real time to generate responses and execute tasks.
  • We may retain conversation logs to provide you with history, improve the Service, and debug issues.
  • Integration data accessed by the agent is handled according to the same protections described in this policy and is not used to train general-purpose AI models.
  • You control which integrations are connected and which data scopes are authorized. You can disconnect integrations at any time.

5. Data Sharing and Disclosure

We do not sell or rent your data. We may share information in the following limited circumstances:

  • Service providers: trusted third parties that help us operate the Service (e.g., hosting, payment processing, analytics, AI model providers). These providers are contractually required to protect your data and use it only as directed by us.
  • Integration partners: data is transmitted to and from the third-party services you choose to connect, in accordance with those services' own terms and privacy policies.
  • Legal requirements: when required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.
  • With your consent: in any other case where you have given explicit permission.

6. Shopify Data Practices

When you install Tamed from the Shopify App Store, the following additional practices apply:

  • We access your Shopify store data only through Shopify's official APIs, using the access scopes you approve during installation.
  • We use Shopify store data solely to provide the features and functionality of the Service as described in our app listing.
  • Customer personal data from your Shopify store (e.g., shopper names, emails, addresses) is handled in accordance with Shopify's API Terms of Service and Partner Program Agreement.
  • We comply with Shopify's mandatory data privacy requirements, including responding to data deletion and data access requests via Shopify's webhook mechanisms.
  • Upon uninstalling the app, we will delete or anonymize your Shopify store data within 30 days, unless retention is required by law.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest.
  • Access controls and authentication for all internal systems.
  • Regular security reviews and monitoring for unauthorized access.
  • Minimal data retention—we only keep data as long as necessary to provide the Service or as required by law.

While no system is 100% secure, we are committed to protecting your information and will notify affected users promptly in the event of a data breach.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: retained while your account is active and for up to 30 days after deletion, to allow for recovery.
  • Integration data: cached only as long as needed to fulfill agent tasks. Persistent storage of integration data is minimized and deleted upon disconnection.
  • Conversation logs: retained to provide you with history and may be deleted upon request.
  • Billing records: retained as required by applicable tax and accounting laws.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to legal retention requirements.
  • Portability: request your data in a structured, machine-readable format.
  • Restriction: request that we limit the processing of your data in certain circumstances.
  • Objection: object to the processing of your data for specific purposes.
  • Withdrawal of consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at privacy@tamed.sh. We will respond within 30 days, or sooner where required by law.

10. European Data Protection (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Performance of a contract: to provide the Service you signed up for.
  • Legitimate interests: to improve our Service, ensure security, and communicate with you, where these interests are not overridden by your data protection rights.
  • Consent: where you have given consent for specific processing activities, such as marketing communications.
  • Legal obligation: where required to comply with applicable laws.

You may lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the “sale” of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

12. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses or other approved mechanisms, to provide a level of data protection consistent with applicable law.

13. Children's Privacy

Tamed is a business tool and is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.

14. Third-Party Links and Services

The Service may contain links to or integrations with third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with your information.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by email or in-app notification. We encourage you to review this page periodically.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: