This Privacy Policy explains how Solidmatics Inc. ("Solidmatics", "we", "us", or "our") collects, uses, discloses, and protects data when you install and use the AI Product Description & Title application ("the App"), a Shopify embedded app available through the Shopify App Store. This policy applies to Shopify merchants ("you" or "merchant") who install the App on their stores.
This App-specific Privacy Policy supplements the Solidmatics Privacy Policy. Where there is any conflict between this policy and the general Privacy Policy regarding the App, this policy prevails. Terms not defined here have the meanings given in the general Privacy Policy or the Solidmatics Terms of Service.
1. What the App Does
The App generates and edits four fields on each Shopify product: title, body description (HTML), SEO meta title, and SEO meta description. The App operates in two modes:
- Enrich mode: a background agent reads product data and images, drafts the four fields using AI, and writes the results back to Shopify.
- Chat mode: the merchant types instructions in a chat interface and the agent streams edits to those same fields in real time.
Every change creates an immutable version row in the database. Merchants can roll back any field to a previous version or reset the product to its original Shopify state at the time of installation.
2. Data We Collect
2.1. Data received from Shopify
When you install and use the App, we receive and store the following data from Shopify:
- Session data: Shopify session tokens, scoped to your shop domain, used to authenticate API requests on your behalf.
- Product data: product title, body description, SEO title, SEO description, product images, vendor, product type, and tags -- read via the Shopify Admin GraphQL API.
- Webhook deliveries: we receive webhook notifications for product updates, product deletions, app uninstallation, scope changes, and the three mandatory GDPR webhooks (customers/data_request, customers/redact, shop/redact).
- Billing events: purchase confirmations via the Shopify app_purchases_one_time/update webhook, used to reconcile your credit balance.
The App requests only two Shopify scopes: write_products and read_locales. The App does not access customer personal data, order data, or payment data.
2.2. Data you provide inside the App
- Brand voice settings: tone, formality, sentence rhythm, emoji policy, calls-to-action, reading level, and audience persona preferences.
- Word lists: "always mention" and "never use" custom word lists.
- Field permissions: your per-shop configuration of which Shopify fields the agent may write to.
- Chat conversations: the text you enter in the chat interface when directing the agent in Chat mode.
- Research toggles: your preference on whether YouTube research is enabled (off by default).
2.3. Data received from third parties during agent runs
When the App generates or refines product content, it may retrieve data from external sources:
- Web research results: search results and scraped content from publicly accessible product pages, retrieved via Firecrawl, SerpAPI, and Crawlbase.
- Video research results: YouTube video metadata and transcripts (public data), retrieved via the YouTube Data API (Google), only when you have enabled YouTube research.
- AI-generated content: responses from large language model (LLM) providers accessed through OpenRouter, which routes requests to downstream providers including Anthropic (Claude) and Google (Gemini).
2.4. Data collected automatically
- Analytics data: we collect product usage events, error tracking data, and session-level identifiers (scoped by shop domain) via PostHog. This data helps us understand how the App is used, diagnose issues, and improve the service.
3. How We Use Your Data
We use the data we collect for the following purposes:
- To provide, operate, and maintain the App and its features, including generating, editing, and versioning product content.
- To authenticate your Shopify session and make API calls to your store on your behalf.
- To process billing and maintain your credit balance.
- To conduct web and video research to produce more relevant and accurate product content.
- To send product data to LLM providers for AI-generated content.
- To provide customer support, including via our in-app support messenger.
- To send a one-time welcome email sequence to new installers.
- To analyze usage patterns, diagnose errors, and improve the App.
- To comply with legal obligations, including Shopify's GDPR requirements and our Usage Policy.
We do not use your product data or merchant data to train AI models. Product data is sent to LLM providers solely for the purpose of generating content for your store in response to your request.
4. Subprocessors
We use the following third-party services to operate the App. Each subprocessor receives only the data necessary to perform its function.
| Service | Role | Data Received |
|---|---|---|
| Shopify | Host platform, billing API, product data source | Product data, billing events, session tokens |
| Convex | Primary database | Sessions, products, versions, agent events, credits, settings (all scoped by shop domain) |
| Vercel | Web hosting | HTTP request data |
| Inngest | Background job orchestration | Product data and agent task payloads for enrich runs |
| n8n | Workflow automation | Shop and product payloads for support and feedback workflows |
| OpenRouter | LLM gateway (routes to Anthropic Claude and Google Gemini) | Product content sent for generation |
| Firecrawl | Web search and page scraping | Product identifiers and search queries |
| SerpAPI | Web search | Product-related search queries |
| Crawlbase | Web crawling | Product-related URLs and search queries |
| YouTube Data API (Google) | Video metadata and transcripts | Product-related search queries (only when enabled by merchant) |
| PostHog | Product analytics and error tracking | Usage events, error data, session identifiers (scoped by shop) |
| Intercom | Customer support messenger | Shop domain identifier and support conversation content |
| Reply.io | Email outreach | Shop owner email address (one-time welcome sequence) |
Downstream LLM providers accessed through OpenRouter (including Anthropic and Google) process product content solely to generate responses. We do not permit these providers to use your data for model training. Refer to each provider's data processing terms for additional details.
5. Data Sharing and Disclosure
We do not sell or rent your data. We share data only with the subprocessors listed in Section 4 and only as necessary to operate the App. We may also disclose data:
- To comply with applicable law, regulation, or legal process.
- To enforce our Terms of Service or protect the rights, safety, or property of Solidmatics, our merchants, or third parties.
- In connection with a merger, acquisition, or sale of assets, in which case you will be notified of any change in ownership or data processing practices.
There is no cross-shop data sharing. Every database read and write is scoped by your Shopify shop domain.
6. Data Retention and Deletion
We retain your data for as long as the App is installed on your store and your account remains active. Specifically:
- Product versions: all version history is retained while the App is installed, enabling you to roll back to any prior version.
- Chat conversations: retained while the App is installed.
- Brand voice settings and word lists: retained while the App is installed.
- Session tokens: retained while the App is installed and refreshed as needed by Shopify.
- Analytics data: retained in PostHog in accordance with their data retention policy.
- Welcome email data: your shop owner email address is retained in Reply.io for the duration of the welcome sequence and then removed.
On uninstallation: when you uninstall the App or when we receive a shop/redact webhook from Shopify, we perform a hard delete of all shop-scoped data, including sessions, products, version history, agent events, credits, and settings. We also remove the installer contact from Reply.io.
7. GDPR Compliance
The App is designed to comply with the General Data Protection Regulation (GDPR) and Shopify's mandatory privacy requirements. All three Shopify GDPR webhooks are implemented:
- customers/data_request: the App stores no customer personal data, so there is nothing to export. We acknowledge receipt and respond accordingly.
- customers/redact: the App stores no customer personal data, so there is nothing to delete. We acknowledge receipt and respond accordingly.
- shop/redact: we hard-delete all shop-scoped data (sessions, products, versions, agent events, credits, settings) and remove the installer from the Reply.io contact list.
Data minimization: the App requests only the minimum Shopify scopes required (write_products, read_locales). We do not access customer personal data, orders, or payment information.
Tenancy: every database read and write is scoped by Shopify shop domain. There is no cross-shop data sharing and no user accounts outside of the Shopify session.
Legal basis for processing: we process your data on the basis of contractual necessity (to provide the App you installed), legitimate interest (analytics and improvement), and consent (optional research features such as YouTube research, which is off by default).
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your data:
- Access: you may request a copy of the data we hold about your shop.
- Correction: you may request that we correct inaccurate data.
- Deletion: you may request deletion of your data at any time by uninstalling the App (which triggers automatic hard deletion) or by contacting us.
- Restriction and objection: you may request that we restrict or cease certain processing of your data.
- Data portability: you may request your data in a machine-readable format.
To exercise any of these rights, please contact us at support@solidmatics.com.
Merchant controls within the App:
- You control which product fields the agent may write to via the writable fields setting.
- You control whether YouTube research is enabled (off by default).
- You can roll back any product field to a previous version or reset to the original Shopify state.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- All data in transit is encrypted via TLS.
- All data at rest is encrypted.
- Database access is scoped by shop domain with no cross-tenant access.
- Session tokens are stored securely and scoped per shop.
- Subprocessors are selected based on their security practices and compliance posture.
10. Children
The App is intended for use by Shopify merchants, who are businesses. The App is not directed at children under the age of 18, and we do not knowingly collect data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Continued use of the App after any changes constitutes acceptance of the updated policy.
12. Contact Information
If you have any questions about this Privacy Policy or how the App handles your data, please contact us:
- Email: support@solidmatics.com
- Company: Solidmatics Inc., 1111B South Governors Ave STE 25028, Dover, DE 19904, USA
You may also contact us at support@solidmatics.com for data protection inquiries.