← Legal center

Effective April 30, 2026

Privacy Policy

This Privacy Policy is drafted for a commerce AI SaaS product that may process merchant account data, store data, customer conversations, AI prompts, usage data, and support communications.

1. Scope and roles

This Privacy Policy explains how Laris handles personal information when people visit the website, request demos, join early access, contact us, use the service, or interact with Laris-powered merchant workflows.

For website visitors, prospects, account users, and direct business contacts, Laris generally acts as a controller or business. For merchant customer data processed through connected stores, messaging channels, support workflows, and dashboards, Laris generally acts as a processor or service provider on behalf of the merchant, subject to the merchant’s instructions and applicable agreements.

2. Information we may collect

  • Account and contact data: name, business email, phone number, company, role, country, billing contact, and login identifiers.
  • Store and commerce data: product catalog, variants, prices, inventory, orders, checkout links, policies, FAQs, product pages, and store content connected by the merchant.
  • Customer conversation data: messages, inquiries, support requests, order questions, returns, exchanges, product preferences, and conversation metadata from connected channels.
  • AI and visibility data: prompts, AI answer snapshots, competitor mentions, citations, content gaps, recommendations, model outputs, and monitoring results.
  • Usage and device data: IP address, browser, device, pages viewed, feature use, logs, cookies, diagnostics, and approximate location derived from technical data.
  • Support and communications: emails, demo requests, feedback, recordings where disclosed, survey responses, and other information you provide.

3. Sources of information

We may receive information directly from you, from your organization, from merchants that use Laris, from connected platforms and integrations, from service providers, from AI search or public web sources, from analytics tools, and from publicly available sources.

4. How we use information

  • Provide, operate, secure, troubleshoot, and improve Laris.
  • Connect commerce systems, messaging channels, dashboards, and AI discovery monitoring.
  • Generate AI responses, summaries, recommendations, visibility insights, content suggestions, and support workflows.
  • Respond to requests, provide demos, onboard users, deliver support, and communicate about the service.
  • Bill customers, manage accounts, prevent fraud, enforce terms, and comply with legal obligations.
  • Analyze aggregate usage, product performance, reliability, and feature adoption.
  • Send product, security, administrative, and marketing communications where permitted, with opt-out options for marketing.

5. Lawful bases for EEA and UK users

Where GDPR or UK GDPR applies, we rely on lawful bases such as performance of a contract, legitimate interests, consent, compliance with legal obligations, and, where necessary, establishment or defense of legal claims. Our legitimate interests include providing and improving a B2B SaaS product, securing the service, preventing abuse, communicating with business contacts, and understanding product performance.

6. How we share information

We do not sell personal information in the ordinary meaning of selling contact lists for money. We may share information with vendors and subprocessors that help provide hosting, storage, AI processing, analytics, email, payments, security, customer support, logging, and integrations; with connected platforms at your direction; with professional advisers; in business transfers; to comply with law; and to protect rights, safety, and security.

If Laris enables advertising, retargeting, or analytics technologies that may be considered a “sale,” “share,” or targeted advertising under some privacy laws, Laris will provide required choices where applicable.

7. AI processing

Laris may send prompts, context, conversation snippets, store data, and outputs to AI infrastructure providers to generate responses, insights, summaries, recommendations, or monitoring results. We use contractual, technical, and organizational controls designed to limit processing to service-related purposes, but merchants should avoid sending unnecessary sensitive information unless expressly agreed.

8. Cookies and similar technologies

We may use strictly necessary cookies, preference cookies, analytics cookies, and, if enabled, marketing cookies. See the Cookie Policy for more detail. Browser settings and consent tools may allow you to limit some cookies, but disabling necessary cookies may affect service functionality.

9. Retention

We retain personal information for as long as reasonably necessary for the purposes described in this Policy, including to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, support backups, and preserve legitimate business records. Retention periods vary by data type, account settings, contractual terms, and legal requirements.

10. Privacy rights and choices

Depending on where you live, you may have rights to access, correct, delete, port, restrict, object to, or withdraw consent for certain personal information. California and other U.S. state privacy laws may provide rights to know, delete, correct, opt out of sale or sharing, limit sensitive personal information, and non-discrimination for exercising rights.

If your information is processed by Laris on behalf of a merchant, please contact the merchant first. We will assist the merchant as required by applicable law and agreements.

11. Security, international transfers, and children

We use safeguards designed to protect personal information, but no method of transmission or storage is completely secure. Information may be processed in the United States and other countries where Laris, vendors, or subprocessors operate. Where required, we use appropriate transfer mechanisms.

Laris is not directed to children under 13, and we do not knowingly collect personal information from children. Merchants must not use Laris for children’s data unless expressly authorized in writing and legally compliant.

12. Contact

Privacy requests and questions can be sent through the contact form on this website. We may need to verify your request and your authority to act for an organization or individual.