Privacy Policy
Last updated: June 16, 2026
This Privacy Policy describes how AEO FAQ Generator ("the App", "we", "us", or "our") collects, uses, and shares information when you use our Shopify application.
1. Information We Collect
When you install and use the App, we collect:
- Shop information: Your Shopify store domain, install date, plan tier, and billing status.
- Product data: Product titles, descriptions, tags, variants, and metafields from your store — used solely to generate FAQs.
- Generated FAQ content: Question and answer pairs created for your products and stored as Shopify metaobjects.
- Usage counters: Number of products with active FAQs, used for plan enforcement.
- Generation logs: Timestamps, product counts, and error codes for debugging and analytics.
We do not collect or store any customer (shopper) personal information. The App operates entirely on shop-level and product-level data.
2. How We Use Your Information
- To generate AEO-optimized FAQs for your products using Google Gemini AI.
- To store and display FAQs on your storefront via Shopify metaobjects.
- To enforce plan limits (number of products with active FAQs).
- To provide support and improve the App.
3. Third-Party Services
We use the following third-party services to operate the App:
- Google Gemini AI (Google LLC): Product data is sent to Google's Gemini API to generate FAQ content. Google's Privacy Policy applies.
- Shopify: The App operates within the Shopify platform. Shopify's Privacy Policy governs platform-level data handling.
- Railway (deployment host): Our servers are hosted on Railway.app. Data is stored in a PostgreSQL database within our Railway project.
4. Data Retention
We retain your shop data for as long as the App is installed. When you uninstall the App:
- Your session data is deleted immediately.
- Your shop record, FAQ cache, and generation logs are deleted within 48 hours via Shopify's GDPR shop/redact webhook.
5. Your Rights (GDPR / CCPA)
You may request access to, correction of, or deletion of your data at any time by contacting us at [email protected]. Because we store no customer PII, GDPR data subject requests are no-ops — we will confirm this in writing within 30 days.
6. Security
We implement industry-standard security practices, including encrypted connections (HTTPS/TLS), environment-variable secret management, and access-controlled databases.
7. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the App or email. Continued use of the App after changes constitutes acceptance of the updated policy.
8. Contact
Questions about this Privacy Policy? Contact us at [email protected].