GDPR / CCPA
How elNudge supports GDPR and CCPA compliance for merchants and their visitors.
GDPR
Data Processing Agreement (DPA)
If you are a merchant operating in the European Union or handling EU visitor data, you may need a Data Processing Agreement with elNudge. A DPA is available on request — email [email protected] with the subject line "DPA request" and we will send a countersigned copy within 2 business days.
Data storage
By default, all elNudge data is stored in the EU region (Frankfurt). No visitor data collected on your site is transferred outside the EU except as described below:
- Conversation transcripts are sent to the Anthropic Claude API (US-based) for AI processing. Anthropic processes data under a commercial data processing agreement and does not use this data for training.
- Voice transcription is handled by Deepgram (US-based) under a commercial DPA.
Data retention
| Plan | Session data | Conversation transcripts |
|---|---|---|
| Starter | 90 days | 12 months |
| Growth | 90 days | 12 months |
| Scale | 12 months | 12 months |
| Enterprise | Custom | Custom |
Data is automatically purged after the applicable retention period.
Visitor data deletion
To delete all elNudge data for a specific visitor:
DELETE https://api.elnudge.com/v1/visitors/:visitor_id
Authorization: Bearer sk_live_XXXXXXXXYou can also submit a deletion request via [email protected] if you do not have the visitor ID.
Deletions are processed within 30 days and are irreversible.
Your privacy policy
As a merchant using elNudge, you are the data controller. You are responsible for disclosing your use of elNudge in your privacy policy. You can copy and adapt the template paragraph below.
Template privacy policy disclosure
We use elNudge, an AI-powered sales assistant service provided by elSapiens Technologies. elNudge collects anonymised behavioral data from visitors to our site — including page views, scroll depth, and cart interactions — to personalise sales nudges and chat responses. elNudge does not use cookies, does not track visitors across other websites, and does not collect personal information such as names or email addresses unless you engage with the chat feature. Data is stored in the EU. For more information, see the elNudge Privacy Policy.
CCPA
elNudge does not sell personal information
Under the California Consumer Privacy Act (CCPA), "selling" personal information has a broad definition. elNudge does not sell personal information as defined by CCPA. Visitor data collected on your site is used solely to provide the elNudge service to you. It is not disclosed to third parties for monetary or other valuable consideration.
Deleting a California resident's data
If a California resident exercises their right to deletion, you can fulfil the request by calling:
DELETE https://api.elnudge.com/v1/visitors/:visitor_id
Authorization: Bearer sk_live_XXXXXXXXThis permanently removes all behavioral events, conversation transcripts, and profile data elNudge holds for that visitor.
If you do not have the visitor ID, submit the request to [email protected] with the visitor's email address (if provided via the identify call) or the approximate date range of their visit. We will locate and delete the record within 30 days.
Opt-out
elNudge does not participate in targeted advertising and does not share data with advertising networks. There is no opt-out mechanism required for elNudge beyond the visitor data deletion API described above.
Shopify GDPR webhooks
If you installed elNudge through the Shopify App Store, Shopify requires you to handle three mandatory GDPR webhook endpoints. See the GDPR Webhook Endpoints guide for details on payload format and your obligations.