SHOPIFY APP
Privacy Policy — Shopify App
1. Introduction
This Privacy Policy describes how the Descripio Shopify app (“the App”), operated by softwaresupport RAAB GmbH (“we”, “us”, “our”), collects, uses, stores, and protects data when you install and use the App in your Shopify store.
This policy applies specifically to the Descripio Shopify app and supplements the general privacy policy at descripio.com/en/data-protection.
2. Data We Collect
2.1 Shopify Store Data
When you install the App, we access the following data through Shopify's API:
| Data | Purpose | Stored? |
|---|---|---|
| Store domain (e.g., your-store.myshopify.com) | Identify your account, associate analysis data | Yes |
| Product titles | Display product list in the App | Yes |
| Product descriptions (body HTML) | Analyze content gaps | Yes |
| Product images (URL reference only) | Display in the App | Yes (URL only) |
| Product IDs | Link analysis results to products | Yes |
| Staff user name & email | Shopify session authentication (managed by Shopify) | Yes (session table) |
| OAuth access token | Authenticate API requests to Shopify | Yes (session table) |
API Scopes: read_products, write_products
We do not access or store: customer data, order data, payment information, shipping addresses, or browsing behavior of your store's customers.
2.2 Data You Provide
| Data | Purpose | Stored? |
|---|---|---|
| Amazon product URLs | Fetch competitor reviews for analysis | Yes (URL and extracted ASIN) |
| Language preference | Generate content in your chosen language | Yes (per analysis job) |
2.3 Data from Third-Party Sources
| Source | Data | Purpose |
|---|---|---|
| Amazon (via Descripio API) | Publicly available product reviews (title, text, date, country) | Feature extraction and content gap analysis |
Review text is processed in real time and not stored permanently in the App's database. Only extracted feature summaries (interpretive codes, descriptive codes, and brief citations) are retained.
3. How We Use Your Data
We use the collected data exclusively to provide the App's functionality:
- Product Analysis: Analyze Amazon reviews to identify positive and negative product characteristics.
- Content Gap Analysis: Compare identified characteristics against your existing Shopify product description to find missing selling points.
- Content Generation: Generate improved product descriptions based on the gap analysis.
- Usage Metering: Track token consumption to enforce plan limits (Starter / Professional).
- Billing: Manage your subscription through Shopify's built-in billing system.
We do not use your data for advertising, profiling, or selling to third parties.
4. Third-Party Data Processors
We share data with the following third-party services to provide the App's functionality:
4.1 OpenAI (Content Analysis & Generation)
| Detail | Value |
|---|---|
| Service | OpenAI API (GPT-4o-mini) |
| Data sent | Amazon review text (public data), product descriptions, extracted feature codes |
| Purpose | Feature extraction, clustering, gap analysis, content generation |
| Retention by OpenAI | 30 days (for abuse prevention, per OpenAI’s data usage policy) |
| OpenAI Privacy Policy | openai.com/policies/privacy-policy |
OpenAI does not use data submitted via API to train its models.
4.2 Descripio API
| Detail | Value |
|---|---|
| Service | Descripio Review API (app.descripio.com) |
| Data sent | Amazon ASIN, marketplace region |
| Data received | Publicly available Amazon review data |
| Purpose | Fetch product reviews for analysis |
| Operated by | softwaresupport RAAB GmbH (same entity) |
4.3 Fly.io (Hosting)
| Detail | Value |
|---|---|
| Service | Fly.io application hosting |
| Data stored | Application database (SQLite on encrypted volume) |
| Region | Frankfurt, Germany (EU) |
| Fly.io Privacy Policy | fly.io/legal/privacy-policy |
4.4 Shopify
| Detail | Value |
|---|---|
| Service | Shopify platform (authentication, billing, API) |
| Data exchanged | OAuth tokens, billing subscriptions, product data |
| Shopify Privacy Policy | shopify.com/legal/privacy |
5. Data Storage & Security
- Database: SQLite on an encrypted persistent volume hosted by Fly.io in Frankfurt, Germany (EU).
- Transmission: All data is transmitted over HTTPS/TLS encryption.
- Authentication: OAuth 2.0 via Shopify's App Bridge. Access tokens are stored securely in the database.
- Cookies: We do not set custom tracking cookies. Session management is handled by Shopify's App Bridge framework.
- Analytics: We do not use third-party analytics, tracking pixels, or user behavior tracking within the App.
6. Data Retention & Deletion
6.1 During Active Use
| Data | Retention |
|---|---|
| Store & session data | For the duration of the App installation |
| Product analysis results | Until you delete the product or uninstall the App |
| Token usage records | For the duration of the App installation (billing audit trail) |
| Amazon review text | Not stored — processed in real time only |
6.2 On App Uninstall
When you uninstall the App, all your data is permanently and irrecoverably deleted immediately, including:
- All session and authentication data
- Your store record and plan information
- All product records and analysis results
- All characteristics and feature data
- All token usage records
Shopify also sends a shop/redact webhook 48 hours after uninstall as a failsafe, which triggers a second deletion pass.
6.3 Data at Third Parties After Uninstall
| Service | Post-Uninstall Retention |
|---|---|
| OpenAI | Up to 30 days (automatic expiry, per OpenAI policy) |
| Descripio API | Amazon review data is public data, not linked to your store |
| Shopify | Per Shopify's data retention policies |
7. GDPR Compliance
7.1 Customer Data
The App does not collect, store, or process personal data of your store's customers. We have no access to customer names, emails, addresses, orders, or browsing behavior.
7.2 Merchant Data Rights (GDPR Art. 15–22)
As a merchant, you have the right to:
- Access your data (visible in-app at all times)
- Rectify your data (update Amazon URLs, re-run analyses)
- Delete your data (uninstall the App for complete deletion)
- Port your data (copy generated content via the App's interface)
- Object to processing (uninstall the App)
For data access or deletion requests, contact us at support@descripio.com.
7.3 GDPR Webhooks
We implement all three mandatory Shopify GDPR webhooks:
| Webhook | Behavior |
|---|---|
customers/data_request | Acknowledged. No customer data stored. |
customers/redact | Acknowledged. No customer data to delete. |
shop/redact | All shop data permanently deleted. |
7.4 Legal Basis for Processing
| Processing Activity | Legal Basis (GDPR Art. 6) |
|---|---|
| Store data & authentication | Performance of contract (Art. 6(1)(b)) |
| Product analysis & content generation | Performance of contract (Art. 6(1)(b)) |
| Usage metering & billing | Legitimate interest (Art. 6(1)(f)) |
8. Children's Privacy
The App is a B2B service for Shopify merchants. We do not knowingly collect data from children under 16.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the App or via the email associated with your Shopify account. The “Last Updated” date at the top indicates the most recent revision.
10. Contact
For questions, data requests, or concerns regarding this Privacy Policy:
softwaresupport RAAB GmbH
Email: support@descripio.com
Website: descripio.com
This privacy policy applies to the Descripio Shopify app. For the general Descripio website privacy policy, see descripio.com/en/data-protection.