Shopify App Store Compliance Addendum

This Shopify App Store Compliance Addendum ("Addendum") supplements the Master Subscription Agreement (the "Agreement") between Social4Commerce Inc. ("Company," "we," "us," or "our") and the Customer ("You" or "Your") and applies when You install and use the Sell & Tell application (the "App") through the Shopify App Store. This Addendum governs the relationship between the Company, You, and Shopify Inc. ("Shopify") with respect to the distribution and use of the App within the Shopify ecosystem.

In the event of any conflict between this Addendum and the Agreement, this Addendum shall control with respect to the subject matter herein. Capitalized terms not defined in this Addendum have the meanings assigned to them in the Agreement.

1. Shopify Platform Relationship

1.1 Shopify as Distribution Channel

The App is distributed through the Shopify App Store as a third-party application built on the Shopify platform using Shopify's APIs, SDKs, and developer tools. Shopify is not a party to the Agreement or this Addendum. Shopify does not endorse, warrant, guarantee, or assume any responsibility for the App or the Services. The Company is solely responsible for the App, its content, and all claims relating thereto.

1.2 Shopify Partner Program Compliance

The Company is a participant in the Shopify Partner Program and is bound by the Shopify Partner Program Agreement, the Shopify API License and Terms of Use, and all applicable Shopify policies (collectively, "Shopify Partner Terms"). The Company represents and warrants that the App complies with the Shopify Partner Terms, including Shopify's requirements for app functionality, user experience, API usage, data handling, and security. In the event that Shopify modifies the Shopify Partner Terms in a manner that requires changes to the App or the Services, the Company will implement such changes within the timeframes required by Shopify.

1.3 Shopify Billing Integration

If You install the App through the Shopify App Store, Your Subscription Fees may be processed through the Shopify Billing API and will appear on Your Shopify invoice. In this case:

Shopify acts as the payment processor for Subscription Fees collected through the Shopify Billing API;
Subscription Fees are subject to Shopify's payment terms and billing cycles;
The Company may not have access to Your payment card information, as payment is processed entirely through Shopify;
Refunds for Subscription Fees processed through Shopify will be issued as Shopify App Credits in accordance with Shopify's refund policies, unless the Company and Shopify agree to process refunds directly to Your payment method;
Shopify charges the Company a revenue share commission on Subscription Fees collected through the Shopify Billing API, which does not affect the Subscription Fee amount charged to You.

If You elect to subscribe directly through sellandtell.ai rather than through the Shopify App Store, the billing terms in the Agreement apply without modification.

2. App Installation and Permissions

2.1 OAuth Scopes and Permissions

When You install the App, You will be asked to authorize specific access permissions ("OAuth Scopes") that the App requires to function. The following table describes the Shopify OAuth Scopes requested by the App and the purpose of each:

The App requests only the minimum OAuth Scopes necessary to provide the Services. If Shopify introduces more granular permission scopes in the future, the Company will update the App to request the most limited scopes possible. The Company does not request or store Shopify API keys, secret keys, or access tokens beyond what is necessary for the authenticated connection.

2.2 Installation and Uninstallation

Upon installation, the App will: (a) authenticate via Shopify's OAuth 2.0 flow; (b) install the SELL agent Widget script on Your storefront using the Script Tags API or the App Embed block; (c) begin indexing Your product catalog to train the SELL agent's conversational context; and (d) configure the TELL dashboard to begin receiving Shopper Interaction Data.

Upon uninstallation of the App through the Shopify Admin: (a) the Widget script will be automatically removed from Your storefront; (b) the Company will receive the Shopify app/uninstalled webhook and will cease processing new Shopper Interaction Data from Your store; (c) Your existing data will be handled in accordance with the data retention provisions in the Agreement and the Data Processing Agreement; and (d) any active Subscription billed through the Shopify Billing API will be cancelled in accordance with Shopify's cancellation procedures.

Uninstallation of the App does not automatically terminate the Agreement. If You wish to terminate the Agreement, You must follow the termination procedures described in the Agreement.

2.3 Mandatory Webhooks

In compliance with Shopify's mandatory webhook requirements, the App processes the following webhooks:

customers/data_request: When Shopify forwards a data subject access request, the Company will compile and return the requested personal data within thirty (30) days, in accordance with applicable privacy laws.
customers/redact: When Shopify forwards a customer data erasure request, the Company will delete or anonymize the specified customer's personal data within thirty (30) days, except where retention is required by law or for the establishment, exercise, or defense of legal claims.
shop/redact: Within forty-eight (48) hours after receiving a shop data erasure webhook (which Shopify sends forty-eight hours after uninstallation), the Company will initiate the deletion of all store-specific data, completing the process within thirty (30) days.

3. Data Handling and Shopify API Compliance

3.1 Shopify API Terms Compliance

The Company represents and warrants that its use of Shopify's APIs complies with the Shopify API License and Terms of Use, including the following requirements:

The App does not access Shopify APIs in ways that exceed the rate limits established by Shopify or that could degrade the performance of Shopify's platform;
The App does not store Shopify data beyond what is necessary to provide the Services, and deletes Shopify data within the timeframes required by Shopify's data retention requirements;
The App does not use Shopify data for purposes other than providing the Services to the Customer whose store the data originated from, except for the creation of Aggregate Data as described in the Agreement;
The App does not sell, rent, lease, or otherwise commercially exploit Shopify merchant or customer data;
The App complies with Shopify's requirements for data encryption in transit and at rest.

3.2 Data Flow Architecture

The following describes the flow of data between Your Shopify store, the App, and the Sell & Tell platform:

Shopify to Sell & Tell: Product catalog data, order data, and customer data are accessed via authenticated Shopify REST and GraphQL APIs using the OAuth Scopes described in Section 2.1. This data is used to power the SELL agent's product knowledge and the TELL dashboard's conversion analytics.
Shopper Browsers to Sell & Tell: Shopper Interaction Data (responses to polls, reactions, taps, quick questions, and other micro-interactions with the SELL agent Widget) is transmitted directly from the Shopper's browser to the Sell & Tell platform via encrypted HTTPS connections. This data does not pass through Shopify's servers.
Sell & Tell to Shopify: The App writes only the Widget script tag (or App Embed block configuration) to Your Shopify store. The App does not write customer data, order data, product data, or any other data back to Your Shopify store, except where explicitly enabled by You through integration features (such as customer tagging or metafield updates) and authorized by the applicable OAuth Scopes.

3.3 Shopify Protected Customer Data

The Company acknowledges that certain customer data accessed through Shopify's APIs is classified as "Protected Customer Data" under the Shopify Partner Terms. The Company agrees to handle all Protected Customer Data in accordance with Shopify's requirements, including: (a) obtaining customer consent before using Protected Customer Data for marketing purposes; (b) providing customers with the ability to request deletion of their data; (c) not using Protected Customer Data to build competitive products or to contact customers for any purpose unrelated to the Services; and (d) implementing Shopify's required security measures for the storage and processing of Protected Customer Data.

3.4 Shopify Customer Privacy API

The App integrates with Shopify's Customer Privacy API to respect customer consent preferences set through Shopify's native consent management tools. When a Shopper has not provided consent for data collection (as indicated by the Customer Privacy API), the SELL agent Widget will operate in a limited mode that does not collect or store personal data. The specific behavior in limited mode includes:

No persistent cookies or identifiers are set on the Shopper's device;
Conversation data is processed in-session only and is not stored after the session ends;
The Widget will still display and function, but Shopper Interaction Data will not be attributed to an identifiable visitor.

4. Widget Embedding and Storefront Compliance

4.1 Storefront Performance

The Company is committed to ensuring that the SELL agent Widget does not materially degrade the performance of Your Shopify storefront. The Company adheres to the following performance standards:

Script Size: The initial Widget loader script is less than 50 KB (gzipped). The full Widget application is loaded asynchronously and does not block page rendering.
Load Impact: The Widget is designed to add no more than 100 milliseconds to the page's Time to Interactive (TTI) metric under normal network conditions.
Core Web Vitals: The Widget is designed and tested to not cause a material negative impact on Your store's Core Web Vitals scores (Largest Contentful Paint, First Input Delay / Interaction to Next Paint, and Cumulative Layout Shift).
Error Isolation: The Widget runs in an isolated execution context. JavaScript errors within the Widget do not propagate to or affect Your storefront's other scripts, theme code, or functionality.

4.2 Theme Compatibility

The App is designed to be compatible with all published Shopify themes, including both Shopify Online Store 2.0 themes (which support App Embed blocks) and legacy themes (which use Script Tags). The Company tests the Widget against Shopify's most popular free and paid themes. If You experience a compatibility issue with Your specific theme, the Company will use commercially reasonable efforts to resolve the issue within the standard support SLA timeframes.

4.3 Shopify App Store Listing

The App's listing in the Shopify App Store includes: (a) an accurate description of the App's functionality; (b) a clear statement of the data the App accesses and the purposes for which it is used; (c) a link to this Addendum and the Agreement; (d) a link to the Company's Privacy Notice; (e) contact information for Customer support; and (f) representative screenshots and demonstration materials. The Company will keep the App Store listing accurate and up to date.

5. Shopify-Specific Privacy Obligations

5.1 GDPR and Shopify

For Customers whose stores serve Shoppers in the European Economic Area, the United Kingdom, or Switzerland, the Company's data processing activities are governed by the Data Processing Agreement, which incorporates Standard Contractual Clauses for international data transfers. The Company's GDPR compliance extends to all data accessed through Shopify's APIs, including Protected Customer Data.

5.2 CCPA/CPRA and Shopify

For Customers whose stores serve Shoppers who are California residents, the Company acts as a "service provider" under the California Consumer Privacy Act and the California Privacy Rights Act. The Company does not "sell" or "share" (as those terms are defined under CCPA/CPRA) any personal information obtained from Shoppers through the Widget or from Shopify through the APIs. The Company's CCPA/CPRA obligations are further described in the Data Processing Agreement.

5.3 Shopify's Data Protection Addendum

To the extent that Shopify's Data Protection Addendum ("Shopify DPA") imposes obligations on app developers that are more restrictive than those in the Company's Data Processing Agreement, the Company will comply with the more restrictive requirements with respect to data accessed through Shopify's APIs. The Company regularly reviews updates to the Shopify DPA and will modify its data handling practices as necessary to maintain compliance.

6. App Updates and Shopify Platform Changes

6.1 App Updates

The Company will maintain and update the App to remain compatible with Shopify's platform, APIs, and requirements. Updates may include: (a) compatibility fixes for Shopify platform updates; (b) compliance with new or modified Shopify Partner Terms; (c) security patches and vulnerability fixes; (d) feature enhancements and performance improvements; and (e) updates to OAuth Scopes (which may require re-authorization). Material changes to the App's functionality or data access requirements will be communicated to Customers in advance through in-app notifications, email, or the TELL dashboard.

6.2 Shopify API Versioning

Shopify uses date-based API versioning and periodically deprecates older API versions. The Company commits to: (a) adopting new stable Shopify API versions within ninety (90) days of their release; (b) migrating off deprecated API versions before their end-of-support date; and (c) testing the App against release candidate versions of upcoming Shopify APIs to identify and resolve compatibility issues before they affect Customers.

6.3 Shopify Platform Changes

If Shopify makes changes to its platform, APIs, or policies that materially affect the functionality of the App or the Services, the Company will: (a) notify affected Customers within ten (10) business days of becoming aware of the change; (b) provide a timeline for implementing necessary updates; and (c) use commercially reasonable efforts to minimize disruption to the Services. If a Shopify platform change renders the App materially non-functional and the Company is unable to restore functionality within sixty (60) days, Customer may terminate the Agreement and receive a pro-rata refund of any prepaid Subscription Fees.

7. App Store Reviews and Compliance

7.1 Shopify App Review

The App is subject to Shopify's app review process, including initial review for App Store listing and periodic re-reviews for continued compliance. The Company will cooperate fully with Shopify's review process and promptly address any issues identified by Shopify's review team. If Shopify requires changes to the App as a condition of continued listing in the App Store, the Company will implement such changes within the timeframes specified by Shopify.

7.2 App Suspension or Removal

In the event that Shopify suspends or removes the App from the Shopify App Store:

Temporary Suspension: If the App is temporarily suspended, the Company will: (a) notify affected Customers within twenty-four (24) hours; (b) work with Shopify to resolve the underlying issue as quickly as possible; and (c) provide status updates to Customers at least every forty-eight (48) hours until the suspension is resolved. During a temporary suspension, the App will continue to function for existing installations unless Shopify disables the App's API access.
Permanent Removal: If the App is permanently removed from the Shopify App Store, the Company will: (a) notify all affected Customers within forty-eight (48) hours; (b) provide Customers with instructions for exporting their data; (c) continue to provide the Services through direct subscription (outside the Shopify App Store) for the remainder of the then-current Subscription Term; and (d) provide a transition period of not less than ninety (90) days during which Customer can migrate to alternative solutions.

8. Customer Responsibilities

When using the App within the Shopify ecosystem, You are responsible for:

Maintaining Your Shopify store in good standing and complying with Shopify's terms of service;
Ensuring that Your use of the App does not violate any Shopify policies, including Shopify's Acceptable Use Policy;
Providing any required disclosures to Shoppers about the SELL agent Widget, as described in the Acceptable Use Policy and the Data Processing Agreement;
Keeping Your Shopify store's theme and third-party apps updated to maintain compatibility with the App;
Promptly re-authorizing the App if Shopify or the Company requests updated OAuth permissions;
Reviewing and understanding the Shopify Partner Terms as they relate to Your obligations as a merchant using third-party apps;
Notifying the Company if You receive any communication from Shopify regarding the App, including compliance requests, data subject requests, or security notices.

9. Intellectual Property and Shopify

The Company's intellectual property rights in the App, including the SELL and TELL AI agents, Widget code, algorithms, and all associated technology, are not affected by the distribution of the App through the Shopify App Store. Shopify does not acquire any ownership interest in the App or its components. The Company grants Shopify only those rights necessary for Shopify to host, distribute, and facilitate the installation of the App, as specified in the Shopify Partner Terms.

Customer acknowledges that certain elements of the App's functionality depend on Shopify's platform, APIs, and infrastructure, which are the property of Shopify and subject to Shopify's terms. The Company does not grant any rights to Shopify's intellectual property, and Customer's use of Shopify's platform is governed by Customer's separate agreement with Shopify.

10. Limitation of Liability Regarding Shopify

The Company shall not be liable for: (a) any loss or damage arising from Shopify's suspension, modification, or discontinuation of the Shopify App Store, Shopify's APIs, or Shopify's platform; (b) any changes to Shopify's pricing, billing, or revenue share that affect the cost of the Services; (c) any data loss resulting from Shopify's handling of data that is outside the Company's control; (d) any failure of Shopify's infrastructure that affects the availability of the App; or (e) any actions taken by Shopify against Customer's store that affect the App's ability to function.

The overall limitations of liability in the Agreement apply to this Addendum. Nothing in this Addendum creates any liability of the Company to Shopify or of Shopify to Customer beyond what is established in each party's respective agreements.

11. Contact Information

For questions about this Addendum or the App's Shopify integration: Technical Support: support@sellandtell.ai Privacy Inquiries: privacy@sellandtell.ai General Legal: legal@sellandtell.ai Social4Commerce Inc.