This Privacy Policy explains how iLabs USA Inc. doing business as Xenia AI Marketer ("Xenia," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information in connection with the Xenia website, Xenia AI Marketer platform, Shopify app, connectors, AI features, personalization tools, customer journey orchestration tools, messaging tools, analytics tools, and related services (collectively, the "Services").
Xenia provides an AI-assisted marketing platform for commerce and marketing teams, including Customer 360 profiles, audience and persona intelligence, behavioral signals, propensity and engagement metrics, experimentation, recommendations, AI content assistance, and cross-channel journey orchestration.
Legal entity: iLabs USA Inc., a Delaware C Corporation. Mailing address: 530 30th Avenue, San Francisco, CA 94121. General privacy contact: info@xeniamartech.com. Contact person: Punsri Abeywickrema, punsri@xeniamartech.com.
1Scope and Processing Roles
This Policy applies to personal information we process about website visitors, prospects, customers, merchants, authorized users, job applicants, and other people who interact with Xenia. When Xenia processes personal information about a merchant's shoppers, subscribers, customers, or end users on behalf of that merchant, Xenia generally acts as a processor, service provider, or equivalent role, and the merchant is responsible for its own privacy notice, legal basis, consent records, and customer-rights responses.
Xenia acts as a controller or business for limited information we process for our own purposes, such as website analytics, account administration, billing-contact information, sales communications, support, security, legal compliance, and Xenia marketing communications.
2Personal Information We Collect
2.1 Information You Provide
We may collect name, business email, phone number, company name, job title, account login details, role/permission settings, support requests, demo requests, billing-contact information, contract details, survey responses, feedback, and information included in prompts, uploads, forms, or communications with us.
2.2 Website, Device, and Cookie Data
When you visit our website or use the Services, we may collect IP address, browser type, device type, operating system, referring page, pages viewed, clickstream data, session duration, approximate location inferred from IP address, cookie identifiers, analytics events, security logs, and diagnostic information.
We may use cookies, pixels, local storage, SDKs, and similar technologies to operate the website and Services, authenticate users, remember preferences, improve performance, detect fraud or abuse, measure marketing effectiveness, understand product usage, and support diagnostics. Where required, we provide cookie controls or obtain consent before using non-essential cookies.
2.3 Platform Usage and AI Interaction Data
When authorized users use Xenia, we may process workspace IDs, user IDs, login history, feature usage, workflow and journey configurations, rule edits, experiment settings, content versions, prompt history, AI output history, approval logs, publishing logs, connector sync status, audit logs, error logs, and support diagnostics.
2.4 Shopify Integration Data
If a merchant installs or connects the Xenia Shopify app or Shopify connector, Xenia processes Shopify data authorized through Shopify permissions, Shopify APIs, storefront events, and webhooks. Depending on configuration and approved permissions, this may include store metadata, product/catalog data, customer records, marketing opt-in status, order, checkout, cart, abandoned checkout, discount, session, and event data.
Xenia uses Shopify data only as necessary to provide AI-assisted personalization, segmentation, customer journey orchestration, messaging, conversion tracking, abandoned checkout recovery, analytics, consent enforcement, support, security, and merchant-authorized services.
3Shopify API Read/Store Data Map
The current Shopify customer data inventory contains 30 data points: 21 stored data points and 9 real-time-only data points. Stored data is retained only for service purposes and according to the retention principles in this Policy, the DPA, and the merchant's configuration. Real-time-only data is used transiently for personalization, lookup, validation, or aggregate computation and is not persisted as a stored profile field.
- 1. Email (customer.email):
- Stored. Protected customer data; direct identifier; profile and messaging.
- 2. Phone (customer.phone):
- Stored. Protected customer data; direct identifier; messaging and consent.
- 3. Shopify customer ID (customer.id):
- Stored. Customer identifier for matching and deduplication.
- 4. First name (customer.first_name):
- Stored. Protected customer data; personalization.
- 5. Last name (customer.last_name):
- Stored. Protected customer data; personalization.
- 6. Country (default_address.country_code):
- Stored. Regional personalization and compliance routing.
- 7. Language (customer.locale):
- Stored. Localization and language preference.
- 8. Email opt-in status (customer.accepts_marketing):
- Stored. Consent and marketing preference enforcement.
- 9. Order value (order.total_price):
- Stored. Order/transaction data; analytics.
- 10. Order currency (order.currency):
- Stored. Order/transaction data; currency-aware analytics.
- 11. Order date/time (order.created_at):
- Stored. Lifecycle timing and order analytics.
- 12. Conversion value (checkout.totalPrice):
- Stored. Checkout/conversion analytics.
- 13. Full order / checkout payload (order.* / checkout.*):
- Stored. High-sensitivity order/checkout data; minimize and retain only where technically necessary.
- 14. Visitor ID (_xenia_vid):
- Stored. Xenia visitor identifier and journey continuity.
- 15. Shopify client ID (_shopify_y):
- Stored. Shopify client identifier; customer/session linkage where permitted.
- 16. Lifetime value (derived from events):
- Stored. Computed customer profile metric.
- 17. Order count, 90 days (derived from events):
- Stored. Computed purchase behavior metric.
- 18. Last purchase date (derived from events):
- Stored. Computed lifecycle metric.
- 19. Average order value (derived from events):
- Stored. Computed purchase metric.
- 20. Email open rate, 30 days (derived from events):
- Stored. Computed engagement metric.
- 21. Email click rate, 30 days (derived from events):
- Stored. Computed engagement metric.
- 22. Logged-in flag (customer.loggedIn):
- Real-time only. Session personalization signal; not persisted as profile field.
- 23. Customer tags, storefront (customer.tags):
- Real-time only. Storefront personalization signal; not persisted as profile field.
- 24. Customer ID, storefront (customer.id):
- Real-time only. Real-time customer/session identifier through storefront path.
- 25. Locale, storefront (storefront context):
- Real-time only. Localization signal; not persisted as profile field.
- 26. Cart total (cart context):
- Real-time only. Cart personalization/trigger signal.
- 27. Cart item count (cart context):
- Real-time only. Cart personalization/trigger signal.
- 28. Guest email lookup (abandonedCheckouts.customer.email):
- Real-time only. Abandoned checkout lookup; direct identifier used transiently.
- 29. Order-exists check (Orders query):
- Real-time only. Purchase validation/suppression check.
- 30. Aggregate audience stats (backend aggregates):
- Real-time only. Aggregate audience computation; not stored as customer-level data.
4Protected Customer Data and Data Minimization
Some Shopify customer, order, checkout, and related data may be protected customer data. Xenia seeks access only to the minimum data reasonably necessary to provide the Services enabled by the merchant. Direct identifiers such as email, phone, name, and customer ID are used only for service purposes such as identification, segmentation, personalization, merchant-authorized messaging, consent enforcement, journey orchestration, analytics, support, security, and privacy-request handling.
Full order and checkout payloads are treated as high-sensitivity data. Xenia retains full payloads only where technically necessary for service functionality, attribution, troubleshooting, audit, or merchant-authorized journey processing, and minimizes, transforms, redacts, or deletes unnecessary fields as soon as commercially reasonable.
5How We Use Personal Information
We use personal information to provide, operate, secure, support, and improve the Services; create and manage accounts; authenticate users; provision workspaces; sync integrations; build and execute journeys; generate segments, personas, recommendations, and AI-assisted content; personalize experiences; run experiments; maintain dashboards; deliver messaging; enforce consent and suppression rules; troubleshoot issues; prevent misuse; comply with law; and communicate with customers and prospects.
For Xenia's own website and marketing activities, we may use contact and website-usage information to respond to inquiries, send product updates, measure marketing performance, and provide relevant communications where permitted. Merchant end-customer data and Shopify protected customer data are not used for Xenia's own advertising.
6AI Features
Xenia's AI features may process prompts, Customer Data selected by users, campaign goals, performance data, brand guidelines, audience definitions, product data, and behavioral data to generate content, rules, journeys, recommendations, explanations, and insights.
Unless a customer expressly opts in or separately agrees in writing, Xenia does not use Customer Data, Shopify protected customer data, prompts containing Customer Data, or AI outputs generated from Customer Data to train general-purpose foundation models or Xenia models for other customers. AI outputs are intended to assist marketers, and customers remain responsible for reviewing, approving, and publishing final content, journeys, offers, and campaigns.
8No Sale of Customer Data
Xenia does not sell Customer Data, does not sell Shopify protected customer data, and does not use Shopify protected customer data for Xenia's own advertising or cross-context behavioral advertising. Xenia may use limited website visitor data for Xenia's own analytics and marketing as described in this Policy and any cookie notice or consent banner.
9Messaging, Consent, and Suppression
If customers use Xenia for email, SMS, MMS, push notifications, WhatsApp, in-app messages, abandoned checkout workflows, or other customer communications, Xenia may process recipient identifiers, message content, templates, delivery logs, engagement data, consent records, opt-in/opt-out status, suppression lists, and compliance logs. Mobile phone numbers, SMS opt-in records, and messaging consent data are not sold, rented, or shared with third parties for their own independent marketing purposes.
Customers are responsible for obtaining legally required consents, honoring opt-outs, maintaining suppression lists, and configuring campaigns lawfully. Additional rules are described in the Anti-Spam and Messaging Policy at /messaging-policy.
10Shopify Privacy Webhooks and Privacy Rights
For public Shopify apps, Xenia supports Shopify's mandatory privacy webhook framework, including customer data request, customer redaction, and shop redaction workflows. When Xenia receives a valid Shopify privacy webhook, Xenia will assist the merchant, delete/redact/anonymize applicable data, or take other required action unless retention is required or permitted by law, contract, security, audit, or compliance obligations.
Depending on your location, you may have rights to access, correct, delete, port, restrict, object to, or opt out of certain processing. To exercise rights regarding information Xenia controls directly, contact info@xeniamartech.com. If you are a shopper, subscriber, or end customer of a merchant using Xenia, contact that merchant first; Xenia will assist the merchant where required.
11Security
Xenia maintains administrative, technical, and organizational safeguards designed to protect personal information, including access controls, role-based permissions, encryption in transit, encryption at rest, logging, monitoring, vulnerability management, environment separation, backup controls, vendor review, and incident response processes. Additional details are published at /security.
12Data Retention
We retain personal information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law. Account and workspace data are retained while the account is active and for a limited period after termination. Shopify protected customer data is retained only as necessary to provide Services, comply with merchant instructions, respond to privacy requests, satisfy legal obligations, or as otherwise permitted. Consent and suppression records may be retained to document compliance and honor opt-outs. Backups are deleted or overwritten according to backup schedules. Aggregated or de-identified data may be retained where it cannot reasonably identify a merchant, store, or individual.
For any immediate data deletion request, you must contact us at info@xeniamartech.com.
13International Transfers
Xenia and its service providers may process personal information in the United States and other countries. Where required by law, we use appropriate safeguards for international transfers, which may include Standard Contractual Clauses, transfer impact assessments, supplementary measures, or other lawful mechanisms.
14Children and Sensitive Personal Information
The Services are intended for businesses and are not directed to children. Customers may not use the Services to knowingly collect or process children's personal information or sensitive personal information unless legally permitted and expressly authorized in writing by Xenia with appropriate safeguards.
15Changes and Contact
We may update this Policy from time to time. If we make material changes, we will provide notice through the Services, by email, or by other appropriate means. The 'Last updated' date indicates when this Policy was last revised.
For privacy questions or requests, contact info@xeniamartech.com. You may also contact Punsri Abeywickrema at punsri@xeniamartech.com. Mail may be sent to 530 30th Avenue, San Francisco, CA 94121.
