Primis AI HS Code Application – Privacy Policy
Last updated: 25 March 2026
Introduction
This privacy policy explains how the Primis AI HS Codes application (“the App”), operated by Primis (“we”, “us”, “our”), collects, uses, stores, and shares data from merchants who install the App on their Shopify store. It forms an addendum to the Primis Data Processing Agreement.
Data We Collect
Once the App is installed, we collect the following data from your Shopify store:
– Product data: Product titles, descriptions, variants, SKUs, categories, images, and product identifiers.
– Inventory data: Country of origin, Harmonized System (HS) codes, country-specific tariff codes, material compositions, and shipping requirements associated with your products and variants.
– Store information: Your shop domain, store name, and location details.
– Billing data: Credit balance, purchase history, and Shopify charge identifiers associated with your use of the App’s paid features.
– AI classification logs: Records of AI-generated HS code suggestions, including the product data submitted for classification, the AI model’s response, confidence levels, and credits consumed.
Data We Do Not Collect
– No customer personal data: We do not collect, store, or process any of your customers’ personal information, including names, email addresses, shipping addresses, phone numbers, payment details, or order data.
– No order data: We do not access or store any information about orders placed in your store.
– No browsing or analytics data: We do not track how your customers interact with your store.
How We Use Your Data
We use the data collected to:
– Synchronise product and variant information from your Shopify store to provide compliance reporting.
– Identify products and variants missing critical international commerce data (HS codes, country of origin, material composition).
– Generate AI-powered HS code classification suggestions using your product data (titles, descriptions, categories, materials, and other attributes).
– Display compliance dashboards, reports, and audit logs within the App.
– Process credit purchases and maintain billing records.
– Send operational notifications related to app lifecycle events such as uninstallation or data requests.
Our legal basis for processing this information is the performance of a contract (to provide the App’s services to the merchant) and our legitimate interests in maintaining, securing, and improving our App.
Data Sharing
Sub-Processors
We use third-party service providers (sub-processors) to host our infrastructure, store data, and process AI classification requests. A list of our current sub-processors is available upon request.
AI Classification Services
When you use the AI-powered HS code classification feature, product data (titles, descriptions, categories, materials, and other relevant attributes) is sent to a custom AI model for processing. This data:
– Is used solely for the purpose of generating HS code classifications at the time of your request.
– Is not retained by the AI service beyond the immediate processing request.
– Is not used to train, fine-tune, or improve any AI models.
International Data Transfer
Where we transfer personal data outside of the UK or European Economic Area (EEA), we put appropriate safeguards in place, such as Standard Contractual Clauses (SCCs) or reliance on adequacy decisions, so that the data remains protected to the same standard.
Data Storage and Security
Your data is stored in secure, encrypted databases. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, or loss.
For this App, additional measures include:
– Encryption of data in transit and at rest.
– Per-store data isolation at the database level (no data is shared or merged between stores).
– HMAC verification of all Shopify webhook payloads.
– Secure authentication via Shopify’s managed installation and token exchange.
Data Ownership
In the context of data protection laws (such as GDPR and UK GDPR), the merchant installing the App acts as the Data Controller of any personal data processed through the App. Primis acts as a Data Processor, processing this data only on behalf of and under the instructions of the merchant to provide the agreed-upon services.
Data Retention
We retain product, variant, and compliance data for as long as the App remains installed. This data is required to support ongoing compliance monitoring and reporting.
Upon uninstallation of the App, your store is marked as inactive and no further data is collected. All stored data associated with your store is deleted from our systems in accordance with Shopify’s requirements. You may request earlier deletion of your data at any time by contacting us.
Your Rights
You have the right to:
– Request access to the data we hold about your store and products.
– Request deletion of your data by contacting us directly.
– Uninstall the App at any time through your Shopify Admin.
If a customer of your store submits a data access or deletion request through Shopify, we will process it in accordance with Shopify’s requirements and applicable data protection laws. As we do not store customer personal data, such requests will typically require no action on our part.
Shopify Webhooks (GDPR Compliance)
To comply with Shopify’s requirements for all apps, we implement mandatory data webhooks:
– Customer data requests and deletion: As no customer data is held, these requests require no action on our part.
– Shop data deletion: All stored product, compliance, and billing data associated with your store is deleted upon request.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected in the “Last updated” date above.
Contact
If you have any questions about this privacy policy or how your data is handled, please contact your Primis account manager or email us at support@primis.cx.