New: give your agents governed data they can query and write to, no warehouse to run.Get started
Nightshift

Nightshift for Retail

Ask your commerce data anything. Your team and your agents.

Orders, inventory, pricing, and customers live in dozens of systems. Connect them once and Nightshift gives your merchandising, supply, and support teams and their agents warehouse-grade reads across all of it, with no warehouse to stand up and customer PII masked before it leaves. Agents draft refunds, fraud flags, and ticket updates back into Nightshift for a human to approve, and nothing they write ever touches checkout or payments.

Commerce catalog4 sources
SHshopify.orders4.2M rows6.1kGoverned
CRcrm.customersPII2.3kGoverned
INinventory.snowflake12M rows4.4kGoverned
PRpricing.apipolicy510Governed
Governed catalog · customer PII masked before it leaves

One catalog, three agents

Each agent gets its own slice.

Merchandising agent

Catalog + inventory

Pricing, stock, and trends across stores. No customer PII.

Support agent

Orders

Order lookups with email and phone hashed. Drafts refunds for your team to approve, never against payments.

Supply agent

Inventory

Stock levels and supplier lead times, region by region.

Cross-source root cause

Find the margin leak, down to the SKU.

An agent connects Nightshift over MCP and attributes a 2.7-point gross-margin drop across Shopify, SAP, Salesforce, and the warehouse, down to the SKU and cause. No single system holds this answer: the catalog composes all four into one governed query.

Q3 gross-margin droptotal-2.7 pt
SKUShopifyDiscount depthSalesforceLanded costSAPMargin ΔWarehouse
SKU-402128%+6%-0.9 pt
SKU-883015%+3%-0.7 pt
SKU-11749%+11%-0.5 pt
SKU-665022%+2%-0.4 pt
SKU-339012%+4%-0.2 pt
Composed across Shopify, Salesforce, SAP, and the warehouse in one governed query · no single system holds this join

The boundary

Reads cross. Writes land in Nightshift, never in checkout.

An agent reads commerce, CRM, and inventory through the catalog, and writes its work, a drafted refund, a fraud flag, a ticket update, into Nightshift’s own tables, where your team approves it before anything executes. Nothing an agent writes touches checkout or the payment system until a person signs off.

support-agentreadsCatalogCommerce / CRMallowed
support-agentwritesNightshift tablesheld for approval
support-agentwritesCheckout / paymentsblocked

Customer PII

Enough to help. Not enough to leak.

A support agent needs the order, not the shopper. Contact and payment fields are hashed or dropped in the view, so they never reach the agent or its model.

At the sourcecrm.customers
NameAlex Morgan
Emailalex@email.com
Phone(415) 555-0199
Address24 Powell St, SF
Order total$182.40
Loyalty tierGold
Cardvisa ••4821
What the agent receivescrm.customers
NameAlex Morgan
Email•••• masked
Phone•••• masked
Address•••• masked
Order total$182.40
Loyalty tierGold
Carddenied

What agents do

Agents on commerce data, not customers.

Help the shopper

A support agent that looks up orders with email, phone, and address masked, and drafts the refund or ticket update into Nightshift for your team to approve, never against checkout or payments.

Tune the assortment

Read pricing, stock, and trends across stores to suggest merchandising, with no customer PII in scope.

Watch the supply

Read inventory and supplier lead times region by region to flag a stockout before it happens.

Omnichannel

Every channel, one governed catalog.

Web, stores, marketplace, app, and the call center all land in one governed view. Agents read the whole picture, with customer PII masked the same way no matter where the data came from.

Web storeRetail POSMarketplaceMobile appCall center
Governed catalogPII masked everywhere
Any agentover MCP

Governance in plain SQL

Mask the customer, grant read.

A governed view scopes an agent to its store region and hashes email, phone, and address. Grant the agent read on the view, and it is the only data the agent can reach.

  • Scope rows and columns with a governed view
  • Hash or drop contact and payment fields
  • Agents write to governed Nightshift tables, never to checkout or payments
views/orders_safe.sqlview
-- orders_safe: NA orders, customer contact hashed
create view orders_safe as
select order_id, sku, amount, store_region,
hmac(email, :pii_key) as email_token, -- keyed hash: joinable, not reversible
hmac(phone, :pii_key) as phone_token
from orders
where store_region = 'NA'; -- address and card not selected
grantsupport-agent → orders_safe · read

Questions the team asks

What store ops wants to know.

Will an agent leak customer data?
Contact fields are hashed or dropped in a governed view, so a support agent reads the order without the shopper behind it.
Can agents change prices or issue refunds?
An agent can draft a refund, a price change, or a fraud flag, and it lands in a governed Nightshift table where your team approves it. Nothing executes against checkout, pricing, or payments until a person signs off, so the agent does the work and control stays with you.
Does this touch our checkout?
No. Nightshift serves a governed read of commerce, CRM, and inventory data. Your storefront and checkout are untouched.

Put an agent on your commerce data.

Start free, connect your store or warehouse, and watch governed reads reach your agent in minutes, with customer PII masked from the first request.

Want to look first? Take the product tour