CommerceGov is a private software platform providing governance infrastructure for AI-assisted commerce operations. It is not affiliated with, endorsed by, or operated by any government entity.
CommerceGov stores limited shop data only for the purpose of operating the application and providing governance for product content updates.
Overview
CommerceGov provides a governance workflow that allows agencies to review, approve, and apply product content updates to Shopify stores before changes are written to production.
CommerceGov is an agency-managed Shopify application. Merchants do not log into this application directly; an authorized agency operates the control plane on the merchant's behalf.
Data We Store
CommerceGov stores the following information required for the operation of the service:
- Shop domain (used for tenancy and access control)
- OAuth access token for secure access to the Shopify Admin API
- Product mirror and metadata cache used for analysis and governance workflows
- AI-generated product content suggestions created within the application
- Webhook processing records used for reliability and idempotent processing
- Governance and audit records related to review, approval, and applied changes
CommerceGov does not store payment card data or customer personal data.
Shopify App Store public review
CommerceGov is free for this build. No in-app merchant charges, no payment card collection, no paid plans, no subscriptions, no pricing, and no payment flow on public install surfaces.
Data Usage
CommerceGov reads product content and metadata from the Shopify Admin API in order to:
- analyze product content quality
- generate optimization suggestions
- enable review and approval workflows
- apply merchant-approved product updates
All write operations to Shopify occur only after explicit approval within the application workflow.
Approved writes are executed through worker-controlled jobs and recorded in audit history.
AI-generated suggestions are provided as informational recommendations only and require explicit human approval before any changes are applied to a Shopify store.
Customer Data
CommerceGov operators do not store customer PII or process customer personally identifiable information (PII).
Shopify customer data protection webhooks (customers/redact, customers/data_request)
are acknowledged for compliance. Because CommerceGov does not persist customer records,
these requests do not result in stored customer data deletion.
Data Deletion and Retention
When the app is uninstalled (app/uninstalled) or Shopify issues a shop redaction request
(shop/redact), CommerceGov revokes operational Shopify access and clears uninstall-scoped
operational records.
Uninstall/redaction processing clears or redacts operational data such as:
- OAuth access usability (token is deactivated and no longer used for API operations)
- Webhook processing records used for in-flight reliability handling
- Apply plans, sync/onboarding job state, and other transient operational state
- Stored owner contact fields where redaction is required for uninstall safety
CommerceGov retains governance evidence required for deterministic operations, security, legal integrity, and auditability, including command/audit history and product governance records.
CommerceGov does not claim zero retention. Data handling follows operational necessity and governance integrity requirements for controlled Shopify mutations.
Data Security
CommerceGov uses industry-standard security practices including encrypted HTTPS communication and restricted access to stored data. Access tokens are stored securely and used solely for communication with the Shopify Admin API.
Third-Party Services
CommerceGov may use external AI service providers to generate product content suggestions. Only product content required for generating suggestions is transmitted to such providers.
Support
For questions regarding this policy or data handling, contact support@commercegov.io.