Privacy Policy - AI Feed Compliance (Agentic Data Feed Validator)
This app validates your Shopify product data against the OpenAI Commerce feed specification to help improve product compliance and visibility. Review with your legal counsel before publishing.
Data We Collect and Process
- Shopify store data (via Admin API): product IDs, titles, descriptions, images, variants, pricing, inventory/availability, product type/vendor, and relevant metafields used for validation.
- Validation outputs (cached): per-product validation results (score, errors, warnings, suggestions), last validated timestamp, and minimal product display data (title, featured image, variants).
- Webhooks: product create/update payloads (transformed to a validation shape) to auto-validate.
- Session data: Shopify session identifiers for authentication and ShopReviewStatus timestamps to track "new results since last review."
- Billing/plan data: subscription status and plan handle/name to enforce plan limits/features.
Purpose of Processing
- Validate products against OpenAI Commerce feed requirements.
- Display compliance dashboards, per-product details, and change tracking.
- Cache validation results for faster loading and staleness detection.
- Enforce plan limits/features and support upgrade flows.
- Maintain app security and prevent abuse.
Data Sharing
- We do not sell your data.
- We do not share product or validation data with third parties.
- For required functionality, data is processed by:
- Shopify (as required for app functionality, billing, and authentication).
- Service providers we use for hosting/logging (if any), bound by confidentiality and data protection obligations.
- We do not send your product data to OpenAI; validation logic runs within the app against the OpenAI spec.
Data Retention
- Validation results are cached and refreshed on re-validation; staleness is flagged after 24 hours.
- Webhook-derived data is stored only as needed to update validation results.
- Session and review-tracking timestamps are retained as long as needed for app functionality or as required by law.
Security
- Uses Shopify OAuth and session storage via Prisma.
- Access is limited to the Shopify scopes granted.
- Follows least-privilege access to product data; errors are logged with minimal context.
Your Controls
- Re-validate products anytime to refresh cached results.
- Uninstalling the app revokes access tokens; upon uninstall, we delete associated session data and purge cached validation results where feasible.
- For data access or deletion requests, contact us (see Contact).
International Transfers
- We host app in USA data centers.
Children's Data
- Not directed to or intended for children under applicable age thresholds.
Changes to This Policy
- We may update this policy; material changes will be communicated via the app or your Shopify contact email.
Contact
- Email: hello@agenticlab.ca
Legal Basis (if applicable)
- Contractual necessity (providing the app's functionality).
- Legitimate interests (security, service improvement), balanced with your rights.