Legal
Privacy Policy
RaeJax Inc. · RecoverAIO · Effective March 17, 2026
Company: RaeJax Inc. ("RecoverAIO," "we," "us," "our")
Support: support@recoveraio.comWebsite: recoveraio.com
Effective Date: March 17, 2026
1. Information We Collect
When you install and use the App, we collect and process the following categories of information:
- Merchant / store information: Store domain, Shopify store identifiers, app configuration settings (workflow toggles, discount policy, brand voice)
- Customer and order information: Customer email (hashed as HMAC-SHA256 for our AI system), checkout data, subscription details, and order history — only as necessary to run recovery workflows
- Recovery action data: Queue status, send status, delivery metadata from Postmark (open events, click events, bounce events)
- CustomerBehaviorSignals: Email lifecycle events (opened, clicked, ignored, bounced, recovered) stored as hashed email fingerprints — never raw PII
- AgentDecision records: AI recovery scores, confidence ratings, reasoning strings, and feature snapshots associated with each recovery decision
- Privacy compliance requests: Shopify privacy webhook payloads for audit and compliance
2. How We Use Information
We use collected information to:
- Operate three recovery workflows — Cart Recovery, Subscription Save, Win-Back — via specialized AI agents
- Route recovery decisions through the IntentSense Factory (Claude Sonnet) with behavioral signal context
- Store and process CustomerBehaviorSignals to improve agent decision quality over time
- Send recovery emails on behalf of merchants via Postmark
- Generate personalized email copy using merchant-provided settings and order context
- Maintain decision logs and reasoning strings for merchant transparency
- Process and audit privacy compliance requests
3. Three Specialized Agents — Data Processing
RecoverAIO operates three specialized AI agents. Each agent processes a specific category of customer and order data:
- Cart Recovery Agent: Processes checkout token, cart value, item list, abandonment timestamp, customer order count
- Subscription Save Agent: Processes plan name, failed charge amount, retry count, failure reason, customer tenure
- Win-Back Agent: Processes days since last order, lifetime value, average order value, top product categories
In all cases, customer email addresses are hashed before storage in our behavioral signal system. Raw email addresses are used only for email delivery and are not stored in AI decision records.
4. Sharing of Information
We share data only as needed to operate the App:
- Anthropic (Claude Sonnet) — for AI inference. Only hashed identifiers and order context are transmitted.
- Postmark — for email delivery
- Shopify — for app functionality, authentication, and compliance
- Infrastructure providers — hosting, database, Railway deployment
- Authorities — if required by law
We do not sell personal information.
5. HITL Escalation and Merchant Control
When our AI agents have confidence below 70% on a recovery decision, the action is placed in the merchant's Queue for human review (HITL escalation) before any email is sent. Merchants retain full control to approve, modify, or dismiss any escalated action.
A Global Kill Switch is available in Settings to immediately suspend all agent actions.
6. Data Retention
We retain data only as long as necessary:
- RecoveryAction records and send logs — for troubleshooting and auditing
- CustomerBehaviorSignals (hashed) — to improve agent decisions; purged on shop redaction
- AgentDecision records — for merchant transparency and audit
- Privacy request records — as required by applicable law
7. Data Deletion and Privacy Requests
The App supports Shopify's required privacy compliance mechanisms. Upon receiving Shopify privacy webhooks (customer redaction, shop redaction), we delete all associated data including CustomerBehaviorSignals, AgentDecision records, RecoveryAction records, and RecoveryEvent records.
Contact support@recoveraio.com for manual deletion requests.
8. Security
Customer identifiers in our AI and behavioral signal systems are stored as HMAC-SHA256 hashes and cannot be reverse-engineered. We implement reasonable technical and administrative safeguards across all systems.
9. International Transfers
Data may be processed in countries where our service providers operate. We rely on appropriate transfer mechanisms where required by law.
10. Children's Privacy
The App is intended for merchants and is not directed at children under 13.
11. Changes to This Policy
We may update this policy from time to time. Updates will be posted with a revised effective date.