Privacy Policy

Last updated: 16 March 2026

Who we are

Nexology Ltd is a company registered in England and Wales. We build AI-powered product discovery tools for Shopify fashion brands.

This policy explains what personal data we collect, why we collect it, and what rights you have. It covers three groups of people: visitors to our website, merchants who use our Shopify app, and shoppers who visit stores using our app.

Information for website visitors

What happens when you visit nexology.co.uk

Our website does not set cookies, run analytics, or load resources from third-party services. All fonts, scripts, and stylesheets are served from nexology.co.uk.

Standard web server logs may record your IP address, the pages you visit, and your browser type. We use these logs solely for security monitoring. They are retained for 90 days and then deleted automatically.

If you contact us

Our contact form collects your name, email address, company name (optional), and message. This information is sent to our team via Amazon Web Services Simple Email Service (AWS SES) in the UK. You can also email us directly at hello@nexology.co.uk.

We use the information you provide to respond to your enquiry. We process it on the basis of legitimate interest — specifically, our interest in responding to people who contact us. We keep enquiry data for the duration of any resulting relationship. If no relationship forms, we delete it after responding.

Information for merchants

This section applies to you if you install and use the Nexology Aesthetic AI Shopify app.

What we collect

  • Your Shopify shop domain and shop identifier.
  • A Shopify access token, which we store encrypted using AWS Key Management Service.
  • Your configuration choices in the Nexology admin (product visibility rules, synonym settings).
  • IP addresses that appear incidentally in infrastructure logs when you use the admin interface.

Why we collect it

  • To connect to your Shopify store and provide search, recommendation, and analytics services. This is necessary to perform our contract with you.
  • To operate and secure our infrastructure. This is based on our legitimate interest in running a reliable and secure service. We have conducted a Legitimate Interests Assessment, which is available on request.

How long we keep it

  • Account data: Duration of your subscription, plus 30 days as a grace period.
  • Access tokens: Deleted immediately when you uninstall the app.
  • Configuration and product data (product visibility rules, embeddings): Retained for 48 hours after uninstall to allow fast reinstall, then permanently deleted.
  • Infrastructure logs: Retained for 90 days, then deleted automatically.

When you uninstall the app, we begin deleting your data. Your access tokens are removed immediately. Remaining data (configuration, product embeddings, interaction data) is permanently deleted within 48 hours via Shopify's data erasure process. Our Data Processing Agreement sets out the full deletion schedule.

Who we share it with

We use the following service providers to deliver the app:

  • Amazon Web Services (London, UK) — infrastructure, compute, and storage.
  • Qdrant Cloud (EU) — vector database for product search.
  • Shopify — platform services, authentication, and billing.

We do not sell personal data. We do not share your data with any other third party. A full sub-processor list is available on request.

International transfers

The vast majority of the personal data we process is stored securely within the United Kingdom (AWS London) and the European Economic Area (Qdrant Cloud).

Occasionally, our trusted sub-processors may need to transfer limited operational data outside the UK or EEA, such as to the United States. Where this happens, we ensure your data remains fully protected under UK data protection law. We only allow these transfers where there is a legally recognised adequacy decision in place (such as the UK Extension to the EU-US Data Privacy Framework) or where appropriate safeguards, like Standard Contractual Clauses, are strictly enforced.

Your rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data deleted.
  • Receive your data in a portable format.
  • Object to processing based on legitimate interests.

To exercise any of these rights, contact us at data@nexology.co.uk. We will respond within one month.

If you are not satisfied with our response, you can complain to the Information Commissioner's Office: ico.org.uk, telephone 0303 123 1113.

For full contractual detail on how we process data as part of the app service, refer to our Data Processing Agreement, which is provided to all merchants before installation.

Information for shoppers

This section applies to you if you visit a Shopify store that uses Nexology's search and recommendation features. The store owner (the merchant) is the data controller for your experience. Nexology acts as a data processor on their behalf.

What happens when you use a store with Nexology

A small JavaScript widget provides search and recommendation features on the store. When you search for a product or click on a recommendation, an interaction event is recorded. This event contains the search text or product identifier, plus a timestamp.

What we do not collect

  • We do not collect your name, email address, account information, or any other identifying details.
  • We do not set cookies on the store.
  • We do not use persistent identifiers to track you across visits or sessions.
  • We do not process your IP address. Your requests pass through Shopify's App Proxy, which replaces your IP address with a Shopify infrastructure address before the request reaches us.

How the widget works

Nexology returns only product identifiers to the store. Your browser then loads product details (images, prices, descriptions) directly from Shopify. Nexology never sees, transmits, or stores the product content shown to you.

Your rights

Because the merchant is the data controller for your store experience, please contact the merchant directly to exercise your data rights. The merchant will work with us to respond. If you are unsure how to contact the merchant, look for a privacy policy link in their store footer.

Changes to this policy

We may update this policy from time to time. Material changes will be published on this page with an updated date. If you are a merchant with an active subscription, we will notify you of material changes by email.

Contact

For any questions about this policy or your personal data: