Privacy Policy

Last updated: June 20, 2026

1. Who We Are

SeoQuill ("we", "us", "our") is a Shopify application that generates AI-powered product descriptions and SEO metadata for Shopify merchants. Our app is available at apps.shopify.com/seoquill . This policy explains what data we access, why, and how we protect it.

2. What Data We Access

When you install SeoQuill, we request access to your Shopify store through Shopify's official OAuth. We access only what is required to generate content:

  • Product data: titles, descriptions, images (for Vision AI), vendor, product type, and tags
  • Collection data: collection titles and descriptions
  • Shop metadata: store name and primary language

We do not access customer data, order history, payment information, or any other store data beyond what is listed above.

3. How We Use Your Data

  • To generate product descriptions and SEO metadata using AI (OpenAI GPT-4o)
  • To track your credit usage and enforce plan limits
  • To write approved content back to your Shopify store (only when you explicitly click Save)

We do not sell, rent, or share your store data with third parties beyond the AI provider (OpenAI) required to generate content.

4. Data Storage

We store the minimum necessary data in a secure PostgreSQL database hosted on Supabase (EU region). This includes your Shopify access token (encrypted), your plan and credit balance, and generation logs. Product content sent to OpenAI for generation is not retained by us beyond the request lifetime.

Access tokens are stored using Supabase Vault (encrypted at rest). We do not log or cache product descriptions on our servers after generation.

5. Third-Party Services

  • OpenAI: Product data (title, description, images) is sent to OpenAI's API to generate content. OpenAI's data usage policy applies. We use the API in a way that does not allow OpenAI to use your data for model training.
  • Shopify: We operate within Shopify's partner ecosystem and comply with the Shopify Partner Program Agreement.
  • Railway: Our application backend is hosted on Railway (US region).

6. GDPR & Your Rights

If you are based in the European Economic Area (EEA), you have the following rights under GDPR:

  • Access: Request a copy of the data we hold about your store
  • Erasure: Request deletion of your store data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data

To exercise any of these rights, email us at mustafaalin41@gmail.com. We comply with Shopify's mandatory GDPR webhooks for customer data requests and shop data deletion.

7. Data Retention

We retain your store's access token and usage data for as long as your store has SeoQuill installed. When you uninstall the app, we receive a Shopify uninstall webhook and delete your access token within 24 hours. Generation logs are retained for 90 days for debugging purposes, then purged.

8. Security

We follow industry-standard security practices: HTTPS-only communication, encrypted credentials, HMAC verification for all Shopify webhooks, and rate limiting per store. No customer or order data is ever accessed or stored.

9. Changes to This Policy

We may update this policy as the app evolves. Material changes will be communicated via the Shopify Partner Dashboard. The "Last updated" date at the top of this page always reflects the current version.

10. Contact

Questions about this policy? Email us at mustafaalin41@gmail.com. We respond within one business day.