Privacy Policy

OptimaFlow builds apps for Shopify merchants, including OptimaFlow SEO & AI Search. This policy explains what data our apps access, why, and what happens to it. It applies to all OptimaFlow apps installed from the Shopify App Store.

When you install one of our apps, we collect and store:

• Store information — your myshopify.com domain and the API access token Shopify issues to the app.
• Store content — product, collection, page, and blog data (titles, descriptions, images, meta tags, handles) needed to run SEO scans and apply the changes you request.
• Google Search Console data — only if you explicitly connect your Google account: search analytics (impressions, clicks, queries) and index coverage data for your store's domain.
• App usage data — plan selection, feature settings, and scan results, so the app remembers your configuration.

• We do not collect, store, or process your customers' personal data (names, emails, addresses, orders, or payment details).
• We do not place tracking scripts on your storefront.
• We do not sell or rent any data to third parties. Ever.

• To run SEO audits and show you prioritized fixes.
• To apply the edits you approve (meta tags, alt text, redirects, schema, llms.txt).
• To display your Google Search Console metrics inside the app.
• To provide support and improve app reliability.

When you use AI features (such as AI bulk optimization), the relevant store content — product titles and descriptions — is sent to Anthropic's Claude API to generate suggestions. Per Anthropic's commercial API terms, this data is not used to train AI models. AI suggestions are only applied to your store after you review and approve them.

If you connect Google Search Console, our use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only read search analytics and index data for your own verified property, never modify anything in your Google account, and never transfer this data to anyone else. You can revoke access at any time from the app's settings or from your Google account permissions page.

Data is stored in encrypted PostgreSQL databases and transmitted exclusively over HTTPS. Access tokens are stored server-side and are never exposed to your storefront or to other merchants. Our infrastructure providers (subprocessors) are: Shopify (platform), Neon (database), Fly.io (hosting), Upstash (cache), Cloudflare (file storage), Google (Search Console API, only if connected), and Anthropic (AI processing, only when AI features are used).

• When you uninstall an app, Shopify sends us a deletion request and all data associated with your store is permanently deleted within 48 hours — including cached content, settings, subscriptions, and session data.
• We honor all Shopify GDPR webhooks (customers/data_request, customers/redact, shop/redact) automatically.
• You may also request immediate deletion at any time by contacting us.

Depending on your location (including under GDPR and CCPA), you have the right to access, correct, export, or delete the data we hold about your store, and to object to or restrict processing. Contact us using the email below and we will respond within 30 days.

If we make material changes to this policy, we will update this page and note the new effective date below. Continued use of the apps after changes take effect constitutes acceptance of the revised policy.

Questions or data requests: hello@optimaflow.id