RE:CATALOG — Privacy Policy
Last updated: 15 July 2026 Effective: TODO: effective date
This policy explains what RE:CATALOG (“the app”, “we”, “us”) collects when you install it on your Shopify store, what we do with it, who else receives it, and how long we keep it.
RE:CATALOG is operated by TODO: registered company name, TODO: registered address. Privacy contact: TODO: privacy@….
1. In one paragraph
RE:CATALOG turns product photos into a draft Shopify product. To do that, it sends your product photos and a small amount of shop context to an AI provider, writes the result back into your own Shopify store, and keeps a record of the generation in our database so you can see your history and so we can bill correctly. We do not collect, receive, or store any data about your customers. We do not store your product photos on our servers. We do not sell or share your data for advertising.
2. What we collect
2.1 Data you enter in the app
| Data | Why |
|---|---|
| Brand voice (free text) | Injected into the AI prompt so generated copy matches your tone. |
| AI provider and model selection | Determines which AI provider processes your photos, where this option is enabled for your plan. |
| Your own AI API key (BYOK plans only) | Lets the app call your AI provider account on your behalf instead of ours. See §6. |
| Target languages | Which of your published Shopify locales the app translates into. |
| App interface language | Persisted so the app UI stays in your chosen language across navigations. |
2.2 Data we receive from Shopify
When you install the app, Shopify grants it the following access scopes: write_products, write_files, read_locales, write_translations, write_metaobjects, write_metaobject_definitions.
Using those scopes, the app accesses:
- Your shop domain and shop ID — to identify your store and to check your subscription.
- A Shopify access token — stored so the app can act on your store. The app requests offline access only; it does not store the name, email, or user ID of individual staff members.
- Your shop’s currency and the country of your billing address — used only to ground the AI’s price suggestion in your market. We do not store your billing address.
- Your shop’s primary and published locales — to decide which languages to generate and translate into.
- Product photos you upload through the app — see §2.3, which explains the important detail that we do not store them.
- Products the app creates or updates — the app writes drafts, media, metafields, and translations back to your store.
We request no access to customer data. The app holds no read_customers, read_orders, or equivalent scope, and therefore never receives protected customer data of any kind.
2.3 Product photos — how they are handled
This is the part most merchants ask about, so it is spelled out in full:
- When you add photos in the app, your browser uploads them directly to Shopify’s own storage, using Shopify staged uploads. The bytes do not pass through our servers on the way up.
- The photos become files in your own Shopify Files library, under your control, served from Shopify’s CDN.
- When you press Generate, our server asks Shopify for a resized copy of each photo (maximum 1568 pixels on the long edge), holds it in memory only for the duration of that single request, and sends it to the AI provider.
- The resized copy is discarded when the request ends. The app never writes your photos to our database or to any storage we control.
What our database records about a photo is only its Shopify file identifier (gid://shopify/MediaImage/…) — a reference to a file that lives in your store, not the image itself.
2.4 Data the app generates
For each generation, we store a job record containing: your shop domain, the job status, the Shopify file identifiers of the input photos, the AI-generated catalog content (title, description, category, attributes, tags, SEO texts, suggested price, image alt texts), the identifier of the product created, the AI provider and model used, token counts and an estimated cost, and any error message if the job failed.
The token counts and cost estimate are used only for our own service monitoring. They are not used for billing you — Shopify handles that (§7).
We also store per-language translation records: the target language, its status, token counts, and any error. The translated text itself is not stored by us (§5).
2.5 Automated logs
Our hosting provider generates standard server logs (request time, path, status code, errors). Application logs may record your shop domain alongside webhook receipts and error diagnostics. These logs are used for debugging and abuse prevention, are not used to profile you, and are retained per our hosting provider’s standard retention.
3. What we do not collect
- No customer personal data. Not names, emails, addresses, orders, or payment details. The app has no scope to read any of it.
- No product photos at rest. See §2.3.
- No translated content at rest. See §5.
- No payment card data. Billing runs entirely through Shopify (§7).
- No tracking or advertising data. We run no third-party analytics or advertising tags inside the app.
4. Who else receives your data (sub-processors)
4.1 AI providers
Generating a catalog entry requires sending your data to an AI provider. Depending on your plan and settings, that provider is one of:
| Provider | Operator | Endpoint |
|---|---|---|
| Claude | Anthropic PBC (USA) | api.anthropic.com |
| GPT | OpenAI, L.L.C. (USA) | api.openai.com |
| Gemini | Google LLC (USA) | generativelanguage.googleapis.com |
| Mistral | Mistral AI SAS (France) | api.mistral.ai |
| Grok | xAI Corp. (USA) | api.x.ai |
Which provider is used: on standard plans, we choose the provider using our own API keys, and the choice is shown in the app. On plans where model selection or BYOK is enabled, you choose the provider in Settings. If a provider fails mid-request, the app may retry with a fallback provider from the same list; the provider that actually produced your result is recorded on the job and shown in the app.
What is sent to the provider:
- For photo analysis: the resized copies of your product photos, your shop’s primary language, your shop’s country and currency, your brand voice text (if you set one), and the list of top-level Shopify taxonomy categories.
- For translation: the product title, description HTML, SEO title and description, and image alt texts, plus the target language and your brand voice text.
- For attribute mapping (on plans with standard category metafields): the product title, description, the extracted attributes, and the list of allowed values for each target field.
What is never sent: your access token, your customers’ data (we hold none), your billing details, or your BYOK key for any provider other than the one it belongs to.
Provider data handling: these providers are bound by their own API terms. Anthropic, OpenAI, Google, Mistral, and xAI each state that data submitted through their paid APIs is not used to train their models by default. We rely on those API terms and do not opt into any training programme. You should review the terms of whichever provider you select, and this is a specific reason to consider a BYOK plan (§6) if you want the provider relationship to be directly yours.
4.2 Infrastructure
| Sub-processor | Role | Location |
|---|---|---|
| Vercel Inc. | Application hosting and serverless execution | TODO: Vercel region |
| Neon Inc. | Managed PostgreSQL database | TODO: Neon region |
| Shopify Inc. | Your store, file storage, translations, billing | Per Shopify’s own terms |
4.3 Shopify APIs we call
- Shopify Partner API (
partners.shopify.com) — we send your shop ID to check that you have an active subscription before each generation. - Shopify App Events API (
api.shopify.com) — we send your shop ID, an event name (product_generated), and a count of 1 for each delivered analysis, so Shopify can bill you correctly (§7).
4.4 Nobody else
We do not sell your data. We do not share it for advertising or profiling. We do not disclose it to any party other than those listed above, except where we are legally required to.
5. Translations stay in Shopify
When the app translates your product, the translated title, description, and SEO texts are written directly into Shopify’s native translation store and are never saved in our database. You own and edit them in Shopify’s Translate & Adapt, exactly as if you had typed them yourself. If you uninstall the app, your translations remain in your store.
6. Bring your own key (BYOK)
On plans that enable it, you can supply your own AI provider API key.
- The key is encrypted with AES-256-GCM before it is written to our database. It is never stored in plaintext.
- It is decrypted in memory only, at the moment a generation runs, and is used solely to call the provider you selected.
- It is never logged, never shown back to you in full, and never sent anywhere except that provider.
- It is destroyed when you uninstall the app, as part of deleting your settings.
- When you use BYOK, your generations are billed by your AI provider directly to you, and we do not meter them to Shopify.
You can remove your key at any time in Settings.
7. Billing data
RE:CATALOG uses Shopify’s usage-based billing. We never see or handle your payment details.
For each analysis the app delivers to you, we queue and send one usage event to Shopify containing your shop ID, the event name product_generated, and a value of 1. Shopify applies your plan’s included units and bills the remainder on your Shopify invoice. We keep the queued event record so a failed send can be retried safely.
Exceptions: generations on BYOK plans and on the free plan are not metered to Shopify. On the free plan, the app counts your completed analyses per calendar month itself, in order to enforce the plan’s monthly allowance.
8. Retention and deletion
| Event | What happens |
|---|---|
| While installed | Settings, generation history, translation records, and usage events are retained so you can see your history and so billing stays correct. |
| You uninstall the app | Shopify sends an uninstall webhook. Any pending usage events are sent to Shopify first (Shopify accepts them for 24 hours after uninstall), then your session and all your settings — including your encrypted BYOK key — are deleted immediately. |
| 48 hours after uninstall | Shopify sends a shop/redact webhook. We then purge everything remaining: your generation history, all translation records, and all usage event records. Nothing about your shop remains in our database. |
customers/data_request, customers/redact |
We respond to Shopify’s mandatory webhooks, but we hold no customer data, so there is nothing to return or erase. |
You can also ask us to delete your data at any time by writing to TODO: privacy@…. Note that data you asked the app to write into your own store — draft products, files, translations — belongs to your store and is not ours to delete; you remove it in Shopify.
9. Security
- All traffic runs over HTTPS/TLS.
- BYOK API keys are encrypted at rest with AES-256-GCM.
- Every request from the app’s interface is authenticated with a Shopify session token; every webhook is verified against Shopify’s HMAC signature.
- Database credentials and API keys are held as environment secrets, not in source code.
- The app enforces a per-shop rate limit on generation requests to limit abuse.
No system is perfectly secure, but we take these measures to protect your data and will notify you and the relevant authorities of a personal data breach where the law requires it.
10. International transfers
Depending on the AI provider used, your product photos and shop context may be processed in the United States (Anthropic, OpenAI, Google, xAI) or the European Union (Mistral). Where data leaves the EEA/UK, transfers rely on the relevant provider’s Standard Contractual Clauses and supplementary measures.
If you need EU-only processing, select an EU-based provider where model selection is available to you, or use a BYOK plan with a provider and region of your choosing.
11. Legal basis (GDPR)
Where GDPR applies, we process this data on the basis of:
- Contract (Art. 6(1)(b)) — to provide the service you installed and to bill for it.
- Legitimate interests (Art. 6(1)(f)) — service monitoring, abuse prevention, and debugging.
You are the data controller for your store’s data; we act as data processor for the data you send through the app. Note that in practice the data we process on your behalf is business data about your products, not personal data about individuals.
12. Your rights
Where GDPR, UK GDPR, CCPA/CPRA, or a comparable law applies, you may request access to, correction of, export of, or deletion of your data, and may object to or restrict certain processing. Write to TODO: privacy@… and we will respond within the period the applicable law requires (30 days under GDPR). You may also lodge a complaint with your supervisory authority; ours is TODO: supervisory authority.
We do not sell personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined under California law.
13. Children
RE:CATALOG is a business tool sold to merchants. It is not directed at children and we do not knowingly collect data from anyone under 16.
14. Changes
We may update this policy as the app changes. Material changes will be announced in the app or by email to the address on your Shopify account before they take effect. The “Last updated” date at the top always reflects the current version.
15. Contact
TODO: registered company name TODO: registered address Privacy: TODO: privacy@… Support: TODO: support@…
