Legal

Privacy Policy

Last updated: July 2026

Linra is an AI copilot for Shopify merchants. This Privacy Policy explains which data we process as part of the Linra app and chat widget, for which purposes and on which legal basis, in line with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). For the personal data of a store's shoppers, the merchant is the data controller and Linra acts as a data processor (see our Data Processing Agreement at linra.io/dpa).

1. Data Controller

The party responsible for the processing described in this policy is:

Linra UG (haftungsbeschränkt)
Lachnerstraße 1
85057 Ingolstadt
Deutschland
E-Mail: [email protected]

2. Roles: Merchant and Linra

For the shopper data that arises through the chat widget in a store, the respective merchant is the data controller under the GDPR. Linra processes this data only on the merchant's instructions and on the basis of a Data Processing Agreement (linra.io/dpa).

For the merchant's own data, such as account and billing data, Linra is the controller in its own right. This policy covers both cases.

3. Data We Process

3.1 Conversation data

  • chat messages between the shopper and the copilot
  • timestamps, language, conversation history and a session identifier
  • technical identifiers to recognise a session, in pseudonymised form

3.2 Product and catalog data

  • product, variant and inventory data synchronised from the store to enable guidance and search
  • personal data is stripped from the synchronised catalog (PII stripping); the catalog serves product guidance only

3.3 Order and shipping data

  • order status and shipment tracking, where needed to answer a specific request (for example Where is my order)
  • address and contact details only within the scope of the requested action such as address change, cancellation or refund

3.4 Technical data

  • masked IP address, device type, browser type and version
  • aggregated usage and performance data to keep the service running

3.5 Merchant account and billing data

  • name, email address, store domain and account settings
  • billing data for outcome based usage (number of resolved cases per month); payment is handled through Shopify's billing function

4. Purposes and Legal Basis

4.1 Providing the copilot and guidance
Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and, for shopper data, processing on behalf of the merchant (Art. 28 GDPR)

4.2 Security and operation
Legal basis: legitimate interests (Art. 6(1)(f) GDPR)

4.3 Billing
Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legal obligation (Art. 6(1)(c) GDPR)

4.4 Improving the service
Legal basis: legitimate interests (Art. 6(1)(f) GDPR), on the basis of aggregated or pseudonymised data

5. No Advertising Use, No Resale

We do not sell personal data and we do not share it for third party advertising. Store data and conversation data are used only to provide the service to the respective merchant and are never combined across merchants.

6. Subprocessors and Hosting

To provide the service we use carefully selected providers as subprocessors, in particular for hosting and database operation and for language model processing.

  • hosting and database run inside the European Union (EU infrastructure)
  • a current list of subprocessors is available on request and as part of the Data Processing Agreement
  • where processing takes place in a third country, we rely on appropriate safeguards, in particular the EU Commission's Standard Contractual Clauses

7. Retention

  • conversation data: until account deletion or as instructed by the merchant
  • catalog data: for the duration of the active synchronisation
  • technical and aggregated data: kept limited in pseudonymised form
  • billing data: in line with statutory retention periods

8. Deletion and Shopify Compliance Webhooks

Linra supports Shopify's mandatory privacy webhooks and responds to access and deletion requests:

  • customers/data_request: request for information about stored customer data
  • customers/redact: deletion of the data of a specific customer
  • shop/redact: deletion of all store data after the app is uninstalled

When the app is uninstalled, access is disabled and data is deleted in line with the Data Processing Agreement.

9. Your Rights

Under the GDPR you have the following rights:

  • access to the data stored about you
  • rectification of inaccurate data
  • erasure of your data
  • restriction of processing
  • data portability
  • objection to processing based on legitimate interests
  • lodging a complaint with a supervisory authority

If your request concerns data that arose in a store, please address it to the respective merchant as the controller. We support the merchant in responding.

10. Contact

For privacy questions you can reach us at [email protected].