← Back to GEO Optimizer
Privacy Policy
Last updated: April 6, 2026
This Privacy Policy describes how GEO Optimizer ("the App," "we," "us") collects, uses, and protects data when you install and use our Shopify application. We are committed to protecting your privacy and complying with all applicable data protection regulations.
1. Data We Collect
Store Data (via Shopify Admin API)
When you install the App, we access the following store data through Shopify's authorized API scopes:
- Product catalog: titles, descriptions, product types, tags, images, and variants
- Page and blog content (for content optimization analysis)
- Store domain and basic shop information
App-Generated Data
- GEO audit results and visibility scores
- Generated Schema.org structured data markup
- Generated llms.txt file content
- Optimization suggestions and historical trend data
2. Data We Do NOT Collect
The App does not access, collect, or store:
- Customer personal information (names, emails, phone numbers, addresses)
- Order data or purchase history
- Payment or financial information
- Customer browsing behavior or analytics
- Shipping or fulfillment data
3. How We Use Your Data
| Data | Purpose |
| Product titles and types | Included in AI search queries to measure visibility |
| Product descriptions | Analyzed for optimization suggestions and Schema.org generation |
| Product tags and images | Used for content depth scoring and metadata analysis |
| Page/blog content | Analyzed for E-E-A-T signals and FAQ extraction |
| Store domain | Identify your store in audit results; track subscription status |
4. Third-Party Services
To perform AI visibility audits, we send product-related queries (containing product titles and types, but never customer data) to the following third-party AI services:
All API requests to these services use their standard commercial API terms. Your product data is not used to train their models.
5. Data Storage and Retention
- Storage location: App data is stored in an encrypted database on our servers
- Retention period: Audit results and scores are retained for the duration of your active subscription
- Post-uninstallation: All shop data (audit results, scores, generated schemas, trend history) is permanently deleted within 30 days of app uninstallation
- Backups: Encrypted backups are retained for up to 7 additional days after deletion, then permanently purged
6. Data Security
We implement the following security measures:
- All data transmitted over HTTPS/TLS
- Shopify API access tokens stored encrypted at rest
- Application deployed in isolated containers with least-privilege access
- Regular security updates and dependency auditing
- No plaintext storage of credentials or tokens in logs
7. GDPR Compliance
For merchants and customers in the European Economic Area (EEA):
- Legal basis: Legitimate interest (providing the service you installed) and contractual necessity
- Data minimization: We only access product catalog data required for GEO auditing
- Right to access: You can request a copy of all data we store about your shop
- Right to erasure: You can request deletion at any time by contacting us or uninstalling the app
- Right to portability: We can export your audit data in a machine-readable format upon request
- Data Processing Agreement: Available upon request for Enterprise plan customers
8. Shopify Mandatory GDPR Webhooks
We implement all three GDPR webhooks required by Shopify:
- Customer Data Request (
/webhooks/customers/data_request): Since we do not store customer personal data, these requests return confirmation that no customer data is held
- Customer Data Erasure (
/webhooks/customers/redact): Acknowledged and logged; no customer data to erase
- Shop Data Erasure (
/webhooks/shop/redact): All shop-related data (audit results, scores, schemas, subscriptions) is permanently deleted
9. CCPA Compliance
For merchants in California: We do not sell personal information. We do not share personal information for cross-context behavioral advertising. You may request disclosure of data collected or request deletion at any time.
10. Children's Privacy
The App is a B2B tool for Shopify merchants. We do not knowingly collect data from individuals under 16 years of age.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the App dashboard and/or email. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact
For privacy questions, data requests, or concerns:
- Privacy contact is not enabled during the Cloudflare preview.
- Response time: within 30 days for GDPR/CCPA requests