CommerceGov is a private software platform providing governance infrastructure for AI-assisted commerce operations. It is not affiliated with, endorsed by, or operated by any government entity.
CommerceGov stores limited shop data only for the purpose of operating the application and providing governance for product content updates.
Overview
CommerceGov provides a governance workflow that allows agencies to review, approve, and apply product content updates to Shopify stores before changes are written to production.
CommerceGov is an agency-managed Shopify application. Merchants do not log into this application directly; an authorized agency operates the control plane on the merchant's behalf.
Data We Store
CommerceGov stores the following information required for the operation of the service:
- Shop domain (used for tenancy and access control)
- OAuth access token for secure access to the Shopify Admin API
- Product mirror and metadata cache used for analysis and governance workflows
- AI-generated product content suggestions created within the application
- Webhook processing records used for reliability and idempotent processing
- Governance and audit records related to review, approval, and applied changes
CommerceGov does not store payment information or customer personal data.
Data Usage
CommerceGov reads product content and metadata from the Shopify Admin API in order to:
- analyze product content quality
- generate optimization suggestions
- enable review and approval workflows
- apply merchant-approved product updates
All write operations to Shopify occur only after explicit approval within the application workflow.
AI-generated suggestions are provided as informational recommendations only and require explicit human approval before any changes are applied to a Shopify store.
Customer Data
CommerceGov operators do not store customer PII or process customer personally identifiable information (PII).
Shopify customer data protection webhooks (customers/redact, customers/data_request)
are acknowledged for compliance. Because CommerceGov does not persist customer records,
these requests do not result in stored customer data deletion.
Data Deletion
When a merchant uninstalls the application, all shop-specific data is permanently deleted.
When the app is uninstalled (app/uninstalled webhook) or Shopify issues a shop redaction request
(shop/redact), CommerceGov deletes all shop-scoped data including:
- OAuth tokens
- Product metadata mirror
- AI-generated suggestions
- Webhook processing records
- Apply plans and job state
- Governance audit records
- Agency-shop membership mappings
Only anonymized operational metrics may be retained for system monitoring and service reliability.
Data Security
CommerceGov uses industry-standard security practices including encrypted HTTPS communication and restricted access to stored data. Access tokens are stored securely and used solely for communication with the Shopify Admin API.
Third-Party Services
CommerceGov may use external AI service providers to generate product content suggestions. Only product content required for generating suggestions is transmitted to such providers.
Support
For questions regarding this policy or data handling, please contact your agency or the CommerceGov support team. You may also reach us at contact your agency.