Install on ShopifyLast updated: March 21, 2026
This Privacy Policy explains how ONDUTYOPS LLC operates Tacey: AI Order Agent and how information is collected, used, and handled when the application is installed on a Shopify store. Tacey functions at the order processing level and is designed to help merchants identify and resolve problematic shipping addresses before fulfillment. It does not inject any interface into the Shopify checkout and does not directly interact with customers except when sending fix notifications or escalation messages.
This policy applies to two categories of individuals. The first is merchants, who are Shopify store owners that install and configure Tacey. The second is end customers, who are individuals placing orders on those merchants' stores. The policy describes how data from both groups is processed within the context of Tacey's functionality.
By installing and using Tacey, merchants acknowledge the practices described in this policy. This includes how order-related data is processed, how third-party services are used to support functionality, and how data is retained and deleted in accordance with Shopify requirements.
Tacey: AI Order Agent is a Shopify application developed and operated by ONDUTYOPS LLC. The application is accessible through the website tacey.app and integrates directly with Shopify stores using official Shopify APIs and webhooks. Its core purpose is to analyze incoming orders, identify address issues, and assist merchants in preventing fulfillment errors.
ONDUTYOPS LLC acts as a data processor in relation to merchant store data and customer order data. Merchants remain the data controllers of their customer information and determine how that data is originally collected through their storefronts. Tacey processes this data strictly to provide its defined service of order validation, correction workflows, and merchant notifications.
All data handling practices described in this policy are aligned with Shopify's API terms and data usage requirements. Tacey operates within Shopify's ecosystem and relies on Shopify's infrastructure for secure data access and event delivery.
Tacey collects and stores specific operational data required to perform its core functions. For merchants, this includes store-level configuration such as the Shopify store domain, subscription plan, AI sensitivity settings, alert email address, and internal feature flags. This information is necessary to configure how Tacey behaves for each store and how alerts are delivered.
For each order processed, Tacey creates an internal record that includes the Shopify order ID, order number, customer email address, AI decision outcome, reasoning for that decision, a confidence score, shipping address details including any corrected version, and processing timestamps. These records enable Tacey to track decisions, support merchant visibility, and maintain operational consistency.
Tacey also maintains a transparency log that records which data fields were accessed during processing, along with timestamps, methods, and purposes. This log stores only the names of fields accessed, not the underlying values. In addition, limited inventory-related identifiers such as variant IDs and inventory item IDs are stored temporarily for specific operational use and are removed after fulfillment or uninstall.
The information collected is used strictly to operate the Tacey application and deliver its intended functionality. Order data is analyzed to determine whether a shipping address is valid, requires correction, or should be flagged for merchant review. Based on this analysis, Tacey may hold orders, trigger customer notifications with correction links, or notify merchants through configured alert channels.
Customer contact details such as email addresses and phone numbers are used only for transactional communication directly related to resolving order issues. These communications include fix emails, SMS alerts, or voice call escalations depending on the merchant's configuration. No customer data is used for marketing, profiling, or any purpose outside of order resolution.
Operational data is also used to maintain system reliability, track decision outcomes, and provide merchants with transparency into how and why certain actions were taken. The transparency log ensures that access to data fields is recorded without exposing sensitive values.
Tacey relies on a defined set of third-party services to deliver its functionality. For AI reasoning, relevant order attributes such as addresses, order value, customer order count, tags, fraud signals, and merchant-defined rules are sent to Anthropic's Claude Haiku model. Customer names, email addresses, and phone numbers are never included in these AI inputs. Anthropic retains API inputs for a limited period of 30 days for trust and safety purposes and does not use this data for model training.
Address validation is performed using Geocodio, which receives structured address components to verify and geocode locations. For customer-facing address correction, PlaceKit processes partial address input in real time to provide autocomplete suggestions without storing personally identifiable information. Email delivery is handled by Resend, which processes recipient details and message metadata for delivery tracking, while SMS and voice communications are handled by Telnyx, which stores communication records for billing and compliance purposes without recording call audio.
Tacey also uses Shopify APIs and webhooks to access and process order and customer data as required for its operation. All application infrastructure, including servers and database storage, is hosted on Render. Phone number validation is performed locally within Tacey's environment using a server-side library and does not involve any external data transfer.
Tacey retains data only for as long as a merchant actively uses the application. All stored information, including shop settings, order records, transparency logs, and related operational data, exists solely to support ongoing functionality while the app remains installed on a Shopify store.
When a merchant uninstalls Tacey, Shopify sends a data deletion request through a standardized webhook. Upon receiving this request, Tacey automatically deletes all associated data within 48 hours. This process is fully automated and does not require any manual action from the merchant.
For individual customer data deletion requests, Shopify provides a separate webhook mechanism. Tacey responds to these requests by removing all relevant records associated with the specified customer within the same 48-hour timeframe. There is no minimum retention period, and data is not retained beyond what is necessary for active operation.
Tacey implements appropriate technical and organizational measures to protect the data it processes. All data is handled within a secure server environment hosted by Render, and access to systems is restricted to authorized processes required for application functionality. Data transmission between services is conducted using secure protocols.
Sensitive data is minimized wherever possible. For example, AI processing excludes direct identifiers such as names, email addresses, and phone numbers. Transparency logging records only field names rather than actual values, reducing exposure while maintaining accountability.
While no system can guarantee absolute security, Tacey is designed with a principle of data minimization and controlled access. The combination of limited data scope, defined processing purposes, and secure infrastructure reduces the risk of unauthorized access or misuse.
Merchants who install Tacey remain responsible for their own compliance with applicable data protection and privacy laws. This includes providing appropriate disclosures to their customers about how order data is processed and ensuring that their use of Tacey aligns with their legal obligations.
Tacey operates as a processor of data that merchants collect through their Shopify stores. Merchants determine what data is collected at checkout and how it is initially obtained. Tacey processes that data only within the scope of its defined functionality and does not alter the merchant's underlying responsibilities.
Merchants should review their privacy policies and ensure they accurately describe the use of third-party applications like Tacey. They should also ensure that they have a lawful basis for processing customer data and for initiating communications such as email, SMS, or voice notifications triggered by the app.
End customers have rights over their personal data as defined by applicable laws in their jurisdiction. These rights may include access to their data, correction of inaccurate information, and deletion of their personal information. Tacey supports these rights through Shopify's established data request mechanisms.
When a customer requests deletion of their data from a merchant's store, Shopify issues a standardized request that is passed to Tacey. Upon receiving this request, Tacey deletes all associated records within 48 hours. This ensures that customer data is not retained beyond the merchant's active use or beyond a valid request.
Merchants also have control over their data by choosing to uninstall the application at any time. This action triggers a full deletion of all stored data related to their store within the same defined timeframe.
Tacey is not designed for use by children and does not knowingly process personal data from individuals under the age of 13. The application operates within the context of Shopify stores, which are responsible for their own customer interactions and data collection practices.
Any data processed by Tacey originates from merchant stores and is limited to order-related information necessary for fulfillment and validation. Tacey does not independently collect data from users or provide interfaces intended for children.
If a merchant becomes aware that data related to a child has been processed in a way that requires action, they should follow Shopify's data deletion procedures, which will automatically propagate to Tacey.
This Privacy Policy may be updated from time to time to reflect changes in the application, legal requirements, or operational practices. Updates will be published on the Tacey website and will include a revised effective date to indicate when changes take effect.
When changes are made, they will accurately describe current data practices and will not retroactively alter how data was handled before the update. Merchants are encouraged to review this policy periodically to stay informed about how data is processed.
Continued use of Tacey after an update indicates acceptance of the revised policy. If a merchant does not agree with the changes, they may uninstall the application, which will trigger the deletion of all associated data.
If you have questions about this Privacy Policy or how Tacey handles data, you may contact ONDUTYOPS LLC through the details provided below. We aim to provide clear and transparent answers regarding our data practices and processing activities.
For legal inquiries, data protection concerns, or clarification about this policy, please use the designated contact email. This ensures that your request is directed to the appropriate team for review and response.
Legal Contact: legal@tacey.app
Start Free Trial