Copyly

Privacy Policy

Last updated: December 4, 2024

1. Information We Collect

We collect information you provide directly (email, name, payment info), usage data, and technical information. When you connect your Shopify store, we access product data (titles, descriptions, images) to provide our AI generation service.

2. How We Use Information

We use your information to: provide our AI description generation service, process payments via Stripe or Shopify Billing, communicate service updates, and improve our platform. We do NOT use your product data to train AI models.

3. Shopify Integration

When you install our Shopify app, we access: product information (titles, descriptions, images, prices), store information (name, domain). We use this data solely to generate product descriptions. We do NOT access customer data, orders, or financial information beyond what Shopify Billing provides.

4. Information Sharing

We do not sell your personal information. We share data with: OpenAI (for AI generation - product data only), Stripe/Shopify (payment processing), Supabase (database hosting). All providers are GDPR compliant.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, and secure authentication via OAuth 2.0 for Shopify integration.

6. Data Retention & Deletion

We retain your information while your account is active. When you uninstall our Shopify app or delete your account, we delete your data within 30 days. Generated descriptions stored in your Shopify store are not affected by deletion.

7. Your Rights (GDPR/CCPA)

You may: access your data, request correction, request deletion, export your data, opt-out of marketing. Contact privacy@copyly.ai to exercise these rights. We respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies without consent.

9. Third-Party Services

  • OpenAI - AI generation (US-based, DPA available)
  • Stripe - Payment processing (PCI-DSS compliant)
  • Supabase - Database (SOC 2 Type II certified)
  • Vercel - Hosting (SOC 2 Type II certified)

10. Changes to This Policy

We may update this policy. Significant changes will be notified via email or in-app notice 30 days before taking effect.

11. Contact Us

For privacy questions: privacy@copyly.ai
Data Protection Officer: dpo@copyly.ai