1. Introduction
Shopiwrite, operated by Tran Consulting UG (haftungsbeschränkt) ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use the Service.
2. Information We Collect
2.1 Information from Shopify
When you install our app, we access the following information from your Shopify store:
- Store Information: Shop name, domain, email, currency, timezone, and Shopify plan
- Product Data: Product titles, descriptions, prices, and images (read-only access for content generation)
- Blog Content: Existing blog posts and articles for internal linking analysis
We do NOT access or store:
- Customer personal information or order data
- Payment or financial information
- Shipping addresses or contact details of your customers
2.2 Account Information
We collect information you provide during account creation:
- Email address (from Shopify OAuth)
- Username (chosen by you)
- Display preferences (theme, language)
2.3 Usage Data
We automatically collect:
- Articles generated and published through the Service
- Feature usage patterns to improve the Service
- Error logs for debugging and service reliability
2.4 Cookies and Tracking
We use essential cookies for:
- Authentication and session management
- Security (CSRF protection)
- User preferences
We do NOT use third-party advertising cookies or cross-site tracking.
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the Service
- Generate SEO-optimized content for your store
- Analyze your store for content recommendations
- Publish articles directly to your Shopify blog
- Process billing through Shopify's billing system
- Send important service updates and notifications
- Respond to support requests
- Detect, prevent, and address technical issues
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share data with trusted third parties that help us operate the Service:
- Shopify: OAuth authentication, billing, and API access
- AI Providers (Anthropic, Google): Content generation (your store data may be processed to generate articles)
- Neon: Database hosting (encrypted at rest)
- Vercel: Application hosting
- Cloudflare: Image storage and CDN
- Trigger.dev: Background job processing
- Sentry: Error monitoring
4.2 Legal Requirements
We may disclose your information if required by law, legal process, or government request.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
4.4 We Never Sell Your Data
We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Security
We implement industry-standard security measures:
- All data is transmitted over HTTPS with TLS encryption
- Database encryption at rest
- Shopify access tokens secured via database encryption at rest (AES-256)
- HMAC-SHA256 webhook signature validation
- Secure OAuth 2.0 authentication flow
- Regular security audits and updates
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
- Active accounts: Data retained while your account is active
- After uninstall: Data deleted within 48 hours of receiving Shopify's shop/redact webhook
- Billing records: Retained for 7 years for legal compliance
- Aggregated analytics: May be retained indefinitely in anonymized form
7. Your Rights Under GDPR (European Users)
If you are in the European Economic Area (EEA), you have the right to:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request limitation of processing
- Data Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at shopiwrite@gmail.com. We will respond within 30 days.
Legal Basis for Processing: We process your data based on:
- Contract performance (providing the Service)
- Legitimate interests (improving the Service, security)
- Legal obligations (tax records, compliance)
8. Your Rights Under CCPA (California Users)
If you are a California resident, you have the right to:
- Know: Request disclosure of data collected about you
- Delete: Request deletion of your personal information
- Opt-out: Opt out of the sale of personal information (we do not sell data)
- Non-discrimination: Not be discriminated against for exercising your rights
Categories of personal information collected: Identifiers (email, username), commercial information (billing), and internet activity (usage data).
Do Not Sell My Personal Information: We do not sell your personal information.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place, including standard contractual clauses where applicable.
10. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or to exercise your rights, contact us at:
Email: shopiwrite@gmail.com
We aim to respond to all requests within 30 days.