Back to Shotify AI
Shotify AI

Last updated: May 21, 2026

Privacy Policy

Shotify AI is a Shopify embedded application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our application through the Shopify platform.

1. Overview

Shotify AI ("we," "our," or "us") is committed to protecting the privacy of Shopify merchants ("you" or "your") who install and use our application. This policy describes our data handling practices in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.

By installing Shotify AI, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not install or use the application.

2. Information We Collect

2.1 Information from Shopify

When you install Shotify AI through the Shopify App Store, we receive access to certain data from your Shopify store via the Shopify API. This may include:

  • Store information: shop domain, store name, shop owner email, store timezone, currency, and primary locale.
  • Product data: product titles, descriptions, images, variants, inventory levels, and product metadata — as needed for AI photo generation, library display, and product linking within shoppable video widgets.
  • Shopify Files: access to read and write product media for applying generated images to your catalog.
  • Theme data: limited access for our theme app extension (Shoppable Videos block) to render widgets on your storefront.

2.2 Information You Provide Directly

  • Custom prompts: text prompts you enter for AI image generation.
  • Instagram account data: when you connect an Instagram Professional account via OAuth, we receive an access token, Instagram user ID, and account type — used solely for publishing posts from the app.
  • Widget content: titles, subtitles, product links, and media you upload for shoppable video widgets.
  • Support communications: any information you provide when contacting our support team.

2.3 Automatically Collected Information

  • Usage logs: generation job status, API request timestamps, feature usage patterns for analytics.
  • Storefront analytics: anonymized interaction data from shoppable video widgets (views, clicks, product link taps).
  • Technical data: IP address, browser type, and session information when you use the embedded app within Shopify admin.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our application's core functionality.
  • To process AI image generation requests and deliver results to your Shopify product media.
  • To sync shoppable video widgets to your storefront via Shopify metaobjects.
  • To publish content to your connected Instagram account at your direction.
  • To display generation history and usage analytics within the app.
  • To communicate with you about your account, updates, and support requests.
  • To improve our application, debug issues, and develop new features.
  • To comply with legal obligations and enforce our terms of service.

We do not use your data to train AI models. Your product images, custom prompts, and generated outputs remain your property and are not used for model improvement unless you explicitly opt into such a program (which does not currently exist).

4. AI Image Generation & Third-Party Services

Shotify AI relies on the following third-party services to deliver core functionality. Each sub-processor is bound by data processing agreements consistent with this policy:

  • Mantle (billing & AI credits): Handles subscription management, credit metering, and AI image generation processing. Mantle receives your shop identifier and generation requests for billing and processing purposes.
  • Shopify: As a Shopify embedded app, we operate within the Shopify platform. All store data we access is transmitted via the Shopify API and subject to Shopify's own privacy and data handling policies.
  • Meta / Instagram: When you connect Instagram, Meta'sGraph API is used for authentication and content publishing. Your Instagram access token is stored securely and only used for publishing at your direction.
  • Gadget (hosting platform): Shotify AI is built on the Gadget platform, which provides our application hosting, database, and infrastructure. Gadget processes data as our infrastructure provider under strict data protection terms.

We do not sell your data to third parties. We do not share your product images or generation data with any party not essential to delivering the service.

5. Data Retention

We retain your data according to the following schedule:

  • Product data, library images, and generation history: Retained for the duration of your app installation plus 30 days after uninstallation, after which it is permanently deleted.
  • Instagram tokens: Stored only while connected; deleted immediately upon disconnecting or uninstalling the app.
  • Shoppable video widgets: Retained while published; removed from Shopify metaobjects upon unpublishing or app uninstallation.
  • Analytics and usage logs: Retained in anonymized form for up to 24 months for business intelligence; identifiable logs deleted 90 days after uninstallation.
  • Billing records: Retained as required by applicable law for tax and accounting purposes (typically 7 years).

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmission is encrypted using TLS (Transport Layer Security).
  • Instagram OAuth tokens are encrypted at rest and transmitted only over secure channels.
  • Shop-scoped data isolation ensures that your data is only accessible within the context of your Shopify store.
  • Access to production data is restricted to authorized personnel and protected by multi-factor authentication.
  • Regular security reviews and dependency updates are performed to address vulnerabilities.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about your store.
  • Rectification: Request correction of inaccurate or incomplete data.
  • <strong>Erasure:</strong> Request deletion of your data ("right to be forgotten"). Uninstalling the app triggers automatic deletion per our retention schedule.
  • Restriction: Request limitation of processing under certain circumstances.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

8. Cookies & Tracking

As an embedded Shopify application, Shotify AI operates within the Shopify admin iframe and relies on Shopify's session management. We do not set our own cookies for marketing or tracking purposes.

The shoppable video storefront component may collect anonymized interaction data (views, clicks) for analytics purposes. This data does not identify individual visitors and is only used to provide widget performance metrics within the app.

We do not use third-party advertising cookies, tracking pixels, or fingerprinting technologies.

9. Shopify GDPR Webhooks

As a Shopify app, we subscribe to mandatory GDPR webhooks as required by the Shopify platform:

  • Customers Data Request: We will provide any customer personal data we hold within the required timeframe, though we do not directly collect customer personal data.
  • Customers Redact: We will delete any customer data upon receiving this webhook.
  • Shop Redact: Upon app uninstallation, we receive a shop redact webhook and permanently delete all shop-scoped data per our retention policy within 48 hours.

10. Children's Privacy

Shotify AI is a business-to-business application designed for Shopify merchants. We do not knowingly collect personal information from children under the age of 16. If we become aware that we have inadvertently collected such information, we will delete it promptly.

11. International Data Transfers

Shotify AI is hosted on infrastructure that may process data in multiple regions. By using our application, you acknowledge that your data may be transferred to and processed in countries outside your jurisdiction. We ensure that any such transfers comply with applicable data protection laws through standard contractual clauses or equivalent safeguards.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy within the app.
  • Sending an email to the store owner email associated with your Shopify account.
  • Updating the "Last updated" date at the top of this page.

Continued use of Shotify AI after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email:[email protected]
App:Shotify AI — Available on the Shopify App Store. Search for "Shotify AI" in your Shopify admin.

For data subject requests, please use the subject line "Data Subject Request" to ensure prompt routing to our compliance team.

Back to Shotify AI