Privacy Policy
This privacy policy explains what data the Catalog Cleanup AI Shopify app ("the app", "we", "our") processes, why, and how. It applies to merchants worldwide who install the app on their Shopify store.
Where applicable under the EU General Data Protection Regulation (GDPR, if you are an EU/EEA resident), the UK Data Protection Act 2018, Moldovan Law 133/2011 on personal data protection (which applies to us as the data controller), or comparable laws in your jurisdiction, Catalog Cleanup complies with the data-protection obligations outlined below.
Shopify relationship. Catalog Cleanup is an independent third-party app provider. Shopify is not a party to this privacy policy and is not responsible for Catalog Cleanup's data practices. Shopify's own privacy policy governs the data Shopify itself processes.
Fiscal code: 1026023032469
Chișinău, Republic of Moldova
Contact: support@catalogcleanup.app
Summary in one paragraph
Catalog Cleanup AI processes shop-level catalog metadata only — product titles, descriptions, SEO fields, and image alt text. We do not store customer personal data, order history, or any data scoped to individual shoppers. When Shopify forwards a customer-data request or redaction request to our app, we acknowledge the webhook and log it for audit purposes; there is no customer-scoped data on our side to return or scrub. When a shop uninstalls our app, all shop-scoped data is permanently deleted within Shopify's 48-hour shop-redaction window.
What data we process
When you install Catalog Cleanup on your Shopify store, we access and store:
- Shop metadata: shop domain (e.g. your-store.myshopify.com), Shopify session tokens, your installed app preferences and subscription status.
- Product catalog data, on demand: product titles, descriptions, SEO meta fields, and image alt text — only for products you select for rewriting. We read this from Shopify's Admin API, generate AI rewrite proposals, and store both the original and proposed values so you can review the diff and undo within 90 days.
- Run history: records of which rewrite batches you generated, approved, applied, and reverted. Used to power the in-app dashboard and the 90-day undo window.
- Operational logs: server-side logs of API requests, errors, and webhook deliveries. Retained for debugging and abuse prevention for 30 days, then permanently deleted.
If you use the public AI demo on catalogcleanup.app/demo (no Shopify install required), we also process:
- Demo input you submit: the product title, description, and voice preset you paste into the form. Sent to Anthropic (see "Sub-processors") for the rewrite, then stored only as an opaque counter — we do not retain the text you submitted after the response is returned to your browser.
- Your email address, if you choose to provide one: stored to enforce a per-email cap on demo rewrites and to send a one-time verification link. Used only for the demo gate; never added to marketing lists, never shared.
- A one-way SHA-256 hash of your IP address (not the IP itself), used to enforce the per-visitor free-try cap. The hash cannot be reversed to identify you.
- A Cloudflare Turnstile captcha verification token, processed by Cloudflare per their privacy policy and not stored on our side.
What we do not process
- Customer personal data (names, emails, addresses, phone numbers).
- Order history or payment information.
- Any data scoped to individual shoppers visiting your store.
- Data from any other Shopify app or external service you use.
Why we process this data
- To provide the service: read your selected products, generate AI rewrites, present diffs, apply approved changes, and support 90-day undo.
- To bill correctly: Shopify handles all payment processing through its Billing API. We track your usage (number of products rewritten) to enforce subscription quotas; we never see your card details.
- To send operational emails: trial-end reminder, quota warnings. Sent via Resend (see "Sub-processors" below) to your Shopify-listed shop owner email.
- For security and compliance: webhook deduplication, rate limiting, abuse detection.
Legal basis
Where applicable under the EU General Data Protection Regulation (GDPR) or comparable laws (Moldovan Law 133/2011 on personal data protection), we rely on the following legal bases:
- Contract performance — to provide the service you've subscribed to.
- Legitimate interest — for security, abuse prevention, and operational logging. Operational logs we retain are aggregated and non-sensitive (request paths, status codes, timing), do not profile merchant behavior, and access is restricted to the data controller; we have determined that this interest does not override merchant rights.
- Legal obligation — to respond to Shopify's GDPR webhooks and other lawful requests.
Sub-processors
Catalog Cleanup uses the following third-party services to operate. Each is a sub-processor under GDPR; data shared is limited to what's necessary for that service.
- Anthropic, PBC (San Francisco, USA) — AI rewrite generation via the Claude API. We send the product fields you've selected for rewriting. Anthropic processes the request, returns the rewrite, and does not retain, train on, or use the data for any purpose other than fulfilling the request. Anthropic's privacy policy.
- Railway Corp. (USA) — application hosting and database. Railway's privacy policy.
- Resend, Inc. (USA) — operational email delivery. Resend's privacy policy.
- Cloudflare, Inc. (USA) — DNS, edge proxy, email routing for the support inbox, and Turnstile captcha verification on the public AI demo at catalogcleanup.app/demo. Cloudflare's privacy policy.
- Shopify Inc. (Canada) — the platform Catalog Cleanup runs on. Shopify is the data processor for everything you do inside the Shopify Admin. Shopify's privacy policy.
- Functional Software, Inc. (Sentry) (USA) — error tracking and exception monitoring. We send error events from the app to Sentry to diagnose bugs. Events are scrubbed of personal data, request payloads, cookies, and headers before transmission; cost and model identifiers never reach Sentry. Sentry's privacy policy.
Shop-scoped data may be transferred outside Moldova and the EU/EEA in the course of using these sub-processors. Where applicable, transfers rely on Standard Contractual Clauses or equivalent safeguards.
Changes to the sub-processor list. If we add a new sub-processor, we will notify installed merchants by email at least 30 days before the change takes effect. Merchants may object to a new sub-processor by emailing support@catalogcleanup.app within that window; if a reasonable objection cannot be resolved, the merchant may terminate the service by uninstalling without penalty.
Retention and deletion
- While installed: we retain your shop's run history, including original and proposed catalog values, to power the 90-day undo window and the acceptance-rate dashboard.
- Diffs that are never approved: if you generate a rewrite proposal but never approve, reject, or apply it, the original and proposed values are automatically deleted 90 days after generation.
- Applied runs: after the 90-day undo window closes, we remove the original-value snapshots that powered undo and retain only summary metadata (run id, timestamps, counts) for the acceptance-rate dashboard. The applied catalog content lives in your Shopify store, not in our database.
- CSV export: you can export your run history as CSV at any time while the app is installed via the in-app /app/export/history route. After uninstall, the export is available during Shopify's 48-hour shop-redaction grace window; after permanent deletion, no export is possible.
- After uninstall: we keep your shop's data during Shopify's 48-hour shop-redaction grace window, in case you reinstall.
- On shop/redact webhook (fires 48 hours after uninstall): we permanently delete all shop-scoped data — run history, diffs, subscription record, usage events, email logs, and webhook records.
- Anti-abuse trial ledger: to prevent abuse of our 14-day free trial, we retain a one-way hash of your store domain after data redaction. This hash cannot be reversed to identify your store and carries no personal information. We use it solely to determine whether a returning install has previously used our trial. No other data is retained beyond the shop/redact webhook described above.
- Refund-dispute evidence: we also retain an anonymized billing summary on uninstall (hashed shop domain, aggregate usage and charge totals) to defend against fraudulent refund or chargeback claims. No personal data is retained — the row contains only the same one-way hash and numeric counters.
- Public AI demo (no install): the hashed IP and the rewrite counter are retained for 90 days after your last demo rewrite, then deleted, so the per-visitor and per-email caps can do their job. If you provided an email, it is deleted on the same schedule. To request earlier deletion, email support@catalogcleanup.app from the address you used in the demo.
Shopify GDPR webhooks
Shopify forwards three privacy-related webhooks to all installed apps. Here is exactly how Catalog Cleanup handles each:
- customers/data_request — Shopify forwards a customer's request for the data you hold about them. Because Catalog Cleanup never processes customer personal data, we have nothing to return. We acknowledge the webhook, log it for audit purposes, and respond 200 OK. We do not contact your customer, do not transmit data to any third party, and do not initiate any further action based on this webhook.
- customers/redact — Shopify forwards a request to delete a specific customer's data. Because Catalog Cleanup never stores customer-scoped data, there is nothing to delete. We acknowledge the webhook, log it for audit purposes, and respond 200 OK. We do not contact your customer.
- shop/redact — Shopify forwards a request to delete the shop's data 48 hours after uninstall. We delete all shop-scoped records as described under "Retention and deletion" above.
Your rights
If you are a merchant in the EU/EEA or another jurisdiction with comparable data protection laws, you have the following rights regarding the data we hold about your shop:
- Access — view your run history at any time inside the app, or export it as CSV via the in-app history export route.
- Rectification — your catalog data is yours to edit in Shopify; we mirror what you have there. Request changes to non-catalog records (e.g. operational logs) by emailing support.
- Deletion — uninstall the app. Your shop-scoped data is permanently deleted within Shopify's 48-hour redaction window. No further action required.
- Portability — export your run history as CSV via the in-app export route.
- Objection / restriction — email support@catalogcleanup.app to request that we stop a specific processing activity.
- Lodge a complaint — with your local data protection authority. In Moldova, the National Center for Personal Data Protection (CNPDCP) at https://datepersonale.md. In the EU, your national supervisory authority.
Cookies and tracking
Catalog Cleanup is an embedded Shopify app. We use only essential cookies set by the Shopify SDK to maintain your authenticated session inside the Shopify Admin. We do not use analytics, advertising, or tracking cookies.
Security
We follow standard practices for protecting the data we hold:
- All traffic is encrypted in transit (TLS).
- Data at rest is encrypted by our hosting provider.
- Webhook payloads are verified with HMAC signatures before any processing.
- All inbound data is validated before being written to the database.
- API keys for sub-processors are stored as environment secrets, never in source code.
- Access to production systems is restricted to the data controller.
If you believe you have found a security issue, please email support@catalogcleanup.app. We aim to acknowledge reports within two business days.
Breach notification. If we become aware of a security breach affecting shop-scoped data we hold, we will notify affected merchants by email without undue delay and, where required by GDPR, no later than 72 hours after becoming aware of the breach. The notification will describe the nature of the breach, the categories and approximate volume of data affected, the likely consequences, and the measures we are taking to address it. We will also cooperate with Shopify's incident-response procedures and with the competent supervisory authority where required.
Children
Catalog Cleanup is a B2B tool sold exclusively to Shopify merchants and is not directed at children. We rely on Shopify's age and account verification at install time and do not collect age data ourselves. If we are notified that a minor has accessed the service, we will delete any associated records on receipt of a credible report.
Changes to this policy
If we materially change how we process data, we will update this policy and notify installed merchants by email at least 30 days before the change takes effect. Minor clarifications will be reflected here with an updated "Last updated" date.
Contact
For privacy questions or to exercise your rights, email support@catalogcleanup.app.