WunderAgent.ai Data Privacy & AI Use Declaration

Last Updated: February 2025

WunderAgent.ai is a Shopify app provided by Liquify GmbH that segments customers using Large Language Models (LLMs). This declaration explains how we collect, use, and protect personal data in compliance with the European Union’s General Data Protection Regulation (GDPR), the European AI Act, and relevant international data protection laws. Our goal is to maintain transparency, safeguard individuals’ rights, and adhere to responsible AI practices in all our operations.

Liquify GmbH is the responsible entity for WunderAgent.ai and operates as the data processor on behalf of merchants who install the app. Merchants (Shopify store owners) act as the data controllers for any customer data obtained via Shopify.

‍

1. Scope of Data Collection

When you (as a merchant) use WunderAgent.ai, the app accesses and processes certain data from your Shopify store solely for the purpose of customer segmentation and analytics. The types of personal and store data we collect may include:

• Customer Information: Basic profile details of your customers (e.g. name, email, location, Shopify customer ID).
• Order History: Purchase records and transaction details (e.g. products purchased, order dates, order values) used to understand customer behavior.
• Product Data: Information about products in your store (e.g. product categories, tags, descriptions) to help tailor the segmentation insights.

No sensitive personal data (such as payment details or passwords) is collected by WunderAgent.ai. The data accessed is limited to what is necessary to categorize customers and generate segment insights using our LLM-based algorithms. We do not use this data for any purposes other than providing the segmentation service requested by the merchant.

‍

2. Legal Basis for Processing

All personal data processing performed by WunderAgent.ai is conducted under a lawful basis as required by Article 6 of the GDPR:

• Legitimate Interests (Art. 6(1)(f) GDPR): Liquify GmbH processes customer data to fulfill the legitimate interests of the merchant in understanding customer segments and improving marketing or service offerings.
• Consent (Art. 6(1)(a) GDPR): In cases where explicit consent is required (e.g., for certain marketing or analytics use), the merchant must ensure they have obtained proper consent from customers before using WunderAgent.ai.

Merchant Responsibilities: As the data controller, the merchant is responsible for complying with all applicable data protection laws when using WunderAgent.ai. This includes providing a GDPR-compliant privacy notice on their Shopify store, obtaining the necessary consents, and honoring opt-out preferences. Liquify GmbH acts as a data processor under the merchant’s instructions.

‍

3. Data Retention

Customer data is retained for 12 months from the time of collection, unless a shorter period is required by law or directed by the merchant. After 12 months, the data is deleted or anonymized. We may retain aggregated, non-identifiable insights for statistical purposes or to improve our algorithms, but such information does not contain personal data.

If you uninstall the app, we remove or anonymize all personal data within our systems, in accordance with Shopify’s mandatory data deletion guidelines, unless we must retain it to comply with a specific legal obligation.

‍

4. Data Subject Rights

In accordance with GDPR and Shopify’s data management frameworks, individuals whose data is processed via WunderAgent.ai have the following rights:

• Right of Access (Art. 15 GDPR): Request information about personal data processed and obtain a copy.
• Right to Rectification (Art. 16 GDPR): Correct or update inaccurate personal data.
• Right to Erasure (Art. 17 GDPR): Request deletion of personal data under certain circumstances.
• Right to Object (Art. 21 GDPR): Object to processing for specific purposes, such as profiling or direct marketing.

Data subjects (end-customers) should contact the relevant merchant (store owner) to exercise these rights. We will assist merchants in fulfilling valid data requests, typically via Shopify’s built-in GDPR-compliance tools.

‍

5. Security Measures

We maintain technical and organizational measures (Art. 32 GDPR) to protect personal data:

• Encryption: Data is encrypted in transit (TLS/HTTPS) and at rest.
• Access Controls: Strict role-based access ensures only authorized personnel can access personal data.
• Monitoring & Audits: We conduct periodic internal audits and monitoring to detect any unauthorized access or anomalies.
• Confidentiality: All staff with access to personal data have signed confidentiality agreements and receive ongoing data protection and security training.

In the event of a data breach that affects personal data, we will promptly notify the impacted merchant(s) and relevant authorities, following GDPR’s breach notification requirements.

‍

6. No Third-Party Data Sharing

WunderAgent.ai does not sell, rent, or share your customers’ personal data with external third parties outside of Shopify. Any third-party services we use (e.g., cloud hosting providers) are considered subprocessors, with whom we have proper Data Protection Agreements to ensure GDPR compliance. No data is disclosed for unrelated purposes.

‍

7. Compliance with the European AI Act

Under the European AI Act, WunderAgent.ai is classified as an AI system providing customer segmentation and profiling functionalities. We fulfill our legal and ethical obligations by:

1. Risk Management & Mitigation: We have implemented a risk management system to assess potential hazards and bias in our segmentation algorithms. This system is regularly reviewed and updated in compliance with the AI Act’s risk classification framework.
2. Ethical Check for Prompts: For every prompt (segmentation request) the merchant sends, WunderAgent.ai performs an ethical check that identifies potential biases or sensitive attributes (e.g., religion, ethnicity, gender). If we detect prompts that could lead to unlawful discrimination or harm, we may flag or block them as appropriate.
3. Transparency & Traceability: We provide information to merchants about how our AI functions and highlight any limitations or potential risks. Where required, we record and store audit logs that enable merchants or regulators to trace AI-related decisions.
4. Human Oversight: Despite the advanced automation, merchants bear ultimate responsibility for reviewing segmentation recommendations and ensuring they comply with all relevant laws. We encourage merchants to maintain human oversight when making final decisions impacting customers.
5. Ongoing Monitoring: We continuously monitor the performance of our AI system to detect bias or adverse outcomes. We apply remedial measures if our analysis indicates a potential violation of human rights or unfair treatment of certain customer groups.
6. Merchant Responsibility: Merchants must ensure that their use of WunderAgent.ai aligns with the AI Act and other applicable laws, especially when using automated data processing for decision-making (e.g., profiling). Merchants should not rely solely on our platform for ethically sensitive decisions or where explicit legal compliance is required for data processing involving protected attributes.

‍

8. Contact Information

Liquify GmbH is not required to appoint a formal Data Protection Officer (DPO) given the nature and scale of processing; however, we remain committed to addressing any data protection or AI-related inquiries. For further questions, to exercise your data rights, or to report concerns:

Liquify GmbH
Attn: Data Privacy Inquiry – WunderAgent.ai
Neckarstraße 122, 70190 Stuttgart, Germany
Email: privacy@wunderagent.ai
Phone: +49 (0) 711 50455717

If you are a customer of a specific Shopify store, please contact the store owner first, as they are the data controller.

9. Policy Updates

We may update this declaration in response to changes in our services, legal requirements, or industry best practices. The most current version is available at https://www.wunderagent.ai. If significant changes are made, we will notify our merchants accordingly. Continued use of our app after changes to this policy indicates your acceptance of the revised terms.

Thank you for reading our Data Privacy & AI Use Declaration. By responsibly leveraging AI technologies, we aim to help merchants gain insights while safeguarding data privacy, human rights, and compliance with EU and international regulations.