Data & Trust

One data pipeline. Two promises kept.

Optonomous runs your store's operations and, with your opt-in, turns the resulting work into de-identified research datasets. This page explains exactly how that data is sourced, protected, and shared — for the merchants who generate it and the AI labs who license it.

First-party origin

Data is generated on our own platform as our agents operate real stores — never scraped, never bought from brokered panels.

Consent + revenue share

Nothing enters a dataset unless a merchant opts in. Participating merchants share in the revenue their operational data generates.

Payment data excluded

We don't store cardholder data, and no PCI / payment data ever enters the sellable pipeline. It's excluded at source.

PII de-identified

PII is redacted before data leaves its source system, and re-identification risk is scored against k-anonymity thresholds.

Aggregated where it matters

Cohort-level products are k-anonymous aggregates — grouped segments above a minimum threshold, with no household-level tracking.

Opt-out & deletion

Merchants can opt out at any time, which halts collection. Deletion requests propagate to derived datasets per our retention policy.

What we share — and what we never do

The line is simple: operational signal can be licensed once it's de-identified; identity and payment data never leave your store.

Data | Used in datasets? | Detail
Agent actions & outcomes (de-identified) | Yes | Context, tool calls, results, and verified outcomes — with identifiers removed.
Support conversations | Yes — PII-scrubbed | Multi-turn transcripts with names, emails, addresses, and order identifiers redacted.
Basket / catalog signal | Yes — de-identified | Itemized purchase and product data with consumer identity removed; aggregated where appropriate.
Customer names, emails, addresses (PII) | Never | Redacted before data leaves the source system.
Card numbers / payment credentials (PCI) | Never | We don't store cardholder data; it's excluded at source and never enters the pipeline.
Anything from a merchant who hasn't opted in | Never | Participation is explicit opt-in only.

Built for both sides of the table

For merchants

  • Enrolling in the data program is optional and reversible.
  • You share in the revenue from datasets derived from your operations — offsetting (or exceeding) your subscription.
  • Only de-identified operational data is ever shared. Your customers' PII and payment data stay in your store.
  • You can review what's shared, opt out, or request deletion at any time.

For AI labs & data buyers

  • First-party provenance: we operate the platform the data comes from and can attest to its origin.
  • Documented de-identification: PII redaction, k-anonymity risk scoring, hard PCI exclusion.
  • Consent basis: merchant opt-in + revenue share, recorded at enrollment.
  • We can share our methodology, sample data, and diligence materials on request.

Compliance posture

Bracketed items below are being finalized — see our Privacy Policy, Terms, and DPA for the binding detail.

Shopify Protected Customer Data

We follow Shopify's Protected Customer Data requirements and data-minimization expectations for apps that access customer data. Current status: [ Level — TBD / under review ].

Payments & PCI

Optonomous does not store cardholder data; payment processing is handled by [ processor — TBD ]. PCI / payment data is excluded from all datasets at source.

GDPR / UK GDPR

For EU/UK data, processing relies on a documented legal basis recorded per region; cross-border transfers use [ SCCs / mechanism — TBD ]. Coverage is scoped to regions we can defend.

US state privacy (CCPA/CPRA & others)

We honor consumer rights requests routed through merchants and provide deletion propagation to derived datasets. Details in the [ Privacy Policy — pending counsel ].