Legal

Privacy Policy

Effective Date: October 10, 2025Last Updated: June 15, 2026

Vizby AI is committed to protecting the privacy and security of our merchants and their customers. This policy explains how we collect, use, store, share, and protect your data.

1.Who We Are

  • App Name: Vizby AI
  • Data Controller: Vizby AI
  • Contact Email: partner@vizby.ai
  • Website: vizby.ai

2.Data We Collect

We collect only the minimum data necessary to provide our app's functionality.

2.1 Shop Information

  • Shop domain and name
  • Shopify access tokens
  • Shop owner email address
  • Shop owner first and last name
  • Shopify user ID
  • Locale and account settings

2.2 Product Data (Temporary Processing Only)

  • Product titles, descriptions, types, vendors, tags, prices, and images
  • Purpose: Generate relevant blog content about your products
  • Retention: Not stored; processed in real-time only

2.3 Usage and Subscription Data

  • Subscription plan and billing status
  • Token usage counts (number of blog posts generated)
  • Payment and billing records (processed by Shopify)
  • Feature usage patterns (anonymous aggregated data only)

2.4 Technical Data

  • Session data (authentication state, session expiration)
  • Error logs and app performance metrics
  • API request logs (IP addresses, timestamps)

2.5 Generated Content

  • Blog post headlines and content created by the AI
  • Blog post metadata (creation dates, publishing status)
  • Images selected for blog posts

2.6 Data We Do NOT Collect

  • Customer personal information
  • Customer purchase history
  • Payment card details
  • Browsing behavior or analytics tracking
  • Social media data
  • Biometric or sensitive personal data

2.7 AI Training Data

We do not use your shop data, product information, or generated content to train or improve our AI models. All AI processing is performed on-demand for your specific use case only.

3.How We Collect Your Data

3.1 Directly From You

  • When you install the app and grant permissions
  • When you input blog topics, keywords, and select products
  • When you subscribe to a paid plan
  • When you contact our support team

3.2 Automatically From Shopify

  • Via Shopify Admin API during installation (scopes: read_products, write_blog_posts, read_shop)
  • Through OAuth authentication
  • From your Shopify store's product catalog (on-demand only)

3.3 From Your Use of the App

  • Session data while logged in
  • Usage statistics
  • Error logs for troubleshooting

3.4 What We Don't Collect

We minimize tracking and use only the tools necessary to provide and improve our service. We do not use browser fingerprinting, biometric or sensitive personal data, unnecessary cookies, or third-party ad networks unrelated to our app. We do use Google Analytics (to measure app performance) and Meta Pixel (to measure marketing performance and conversions).

4.Legal Basis for Data Processing (GDPR)

We process data under the following legal bases:

  • Contractual Necessity: When we provide our app's services and process billing through Shopify
  • Legitimate Interest: When we improve the app, ensure security, and prevent fraud
  • Legal Obligation: When we comply with tax, accounting, or regulatory laws
  • Consent: Marketing communications are based on your consent, which you can withdraw at any time

5.How We Use Your Data

We use your data to:

  • Authenticate your shop and secure your account
  • Generate AI-powered blog posts based on your products
  • Publish content to your Shopify store
  • Manage your subscription and process billing
  • Provide customer support
  • Send service notifications and updates
  • Troubleshoot technical issues
  • Prevent fraud and ensure security
  • Comply with legal and tax requirements
  • Improve app performance based on aggregated analytics

We never sell your data, share it without authorization, or process it for unrelated marketing purposes.

6.Cookies and Tracking Technologies

We use cookies and tracking technologies to make the app work correctly and to help us understand how it is used.

Essential Cookies

Required to maintain your login state and authenticate with Shopify. These cookies are strictly necessary for the app to function and cannot be disabled.

Analytics and Marketing Cookies

Google Analytics (Google LLC) helps us analyze traffic, understand feature usage, and improve performance. Meta Pixel (Meta Platforms, Inc.) helps us measure conversions and ad performance on Facebook and Instagram.

Cookie Consent

When you first install the app, we display a cookie consent notice. You may accept all cookies or customize your preferences to reject non-essential tracking cookies. Essential cookies cannot be disabled as they are required for app functionality.

7.Data Sharing and Third Parties

We share data only with essential service providers that enable our app to function.

Service Providers

We share information with:

  • Google Gemini AI (Google LLC) – to generate blog content using AI
  • Pexels API (Can Pty Ltd) – to provide stock images for your blog posts
  • Google Analytics (Google LLC) – to analyze traffic and app performance
  • Meta Pixel (Meta Platforms, Inc.) – to measure marketing conversions
  • Netlify (Netlify Inc.) – to host and run the app infrastructure
  • PostgreSQL Database Hosting – to store encrypted usage and subscription data

Sub-processors and Changes

We integrate with Shopify as part of the ecosystem, and Shopify's privacy policy applies to all data shared through its platform. We notify merchants of any changes to sub-processors and provide an opportunity to object. You will be notified via email and in-app message of any material changes.

Legal Disclosures

We may disclose data when required by law, in legal processes, or during mergers and acquisitions, with proper notice provided.

8.Image Sources and Copyright Responsibility

Our app integrates with the Pexels API to automatically provide free stock images for generated blog posts. All images supplied by Pexels are licensed under the Pexels License, which allows free use for commercial and personal purposes without requiring attribution. We do not own or control the images provided by Pexels and cannot guarantee that all images are free from third-party rights. By using images provided by our app, you acknowledge that you are responsible for how those images are used. Vizby AI is not liable for any claims, disputes, or copyright issues raised by third parties.

9.Automated Content Posting (Autopilot) and Merchant Responsibility

The App includes an optional automated background agent feature (Autopilot) that generates and publishes blog posts directly to your live Shopify store based on your customized configuration. Our AI system does not make binding decisions about your account or store — it only executes the rules and parameters you configure. Because the background agent acts strictly according to your rules, you assume absolute responsibility for all text and media added to your store. We do not manually screen or approve automatically posted content and are not liable for any damages or issues arising from unreviewed content published by the App.

10.International Data Transfers

Your data may be processed outside your country of residence, primarily in the United States and Australia. We implement safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, encryption, and strict access controls to ensure compliance with international privacy standards.

11.Your Rights and Consent

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (right to be forgotten)
  • Restrict the processing of your data
  • Request a copy of your data
  • Object to certain processing activities
  • Withdraw consent for marketing communications

How to Exercise Your Rights

To exercise your rights, email partner@vizby.ai with the subject line "Data Privacy Request – [Your Shop Domain]." We respond within 10 business days as required by law.

Marketing Communications

If you receive marketing emails from us, you can unsubscribe by clicking the unsubscribe link in the email or contacting us directly at partner@vizby.ai. You will be removed from our mailing list within 10 business days.

12.Data Retention

We keep your data only as long as necessary for the purposes described.

  • Active subscription data: Retained for the duration of your plan plus 30 days
  • Session data: Stored for up to 7 days
  • Usage logs: Retained for 90 days
  • Token usage records: Retained for one year
  • Billing data: Retained for seven years as required by law

When you uninstall the app, we immediately revoke API access tokens and permanently delete your data within 30 days, except for billing records retained as required by law.

13.Data Security

We apply strict security measures to protect your data:

  • Encryption in transit: TLS 1.3
  • Encryption at rest: AES-256
  • Access controls: Role-based access, least-privilege principle
  • Secure APIs: OAuth 2.0 authentication
  • Multi-factor authentication: For team access
  • Regular security audits and penetration tests
  • Infrastructure protection: Firewalls, DDoS protection, intrusion detection, continuous monitoring

14.Data Breach Notification

If a data breach occurs, we will notify affected merchants and regulatory authorities within 72 hours, as required by law. We will provide details about the nature and scope of the breach, potential risks, steps we are taking to address it, and recommended protective measures.

15.Data Protection Roles and Responsibilities

You (the merchant) act as the Data Controller for your Shopify store data. We (Vizby AI) act as a Data Processor on your behalf. As your processor, we: process data only according to your instructions, maintain confidentiality and security of all data, assist with compliance with privacy laws, delete or return data when no longer needed, and maintain detailed records of processing activities.

16.Children's Privacy

Our app is intended for business use only and is not designed for individuals under 16 years old. We do not knowingly collect any data from minors. If such data is found, it will be deleted immediately.

17.Compliance with Privacy Laws

We comply with all major international privacy regulations, including:

  • GDPR (European Union)
  • CCPA/CPRA (California)
  • PIPEDA (Canada)
  • UK GDPR (United Kingdom)
  • LGPD (Brazil)

Residents in these regions have rights to access, delete, or limit data processing. You can contact your local data protection authority if you believe your rights have been violated.

18.Changes to This Privacy Policy

We may update this policy from time to time to reflect legal changes, new features, or improved privacy practices. When changes are material, we will update the Last Updated date, notify you by email, show an in-app message, and post a notice on vizby.ai. Continued use of the app after updates means you accept the revised policy.

19.Data Processing Agreement (DPA)

If you require a formal Data Processing Agreement, contact partner@vizby.ai. A standard DPA template is available for download in your account settings, or we can work with your legal team to customize terms.

20.Contact Us

For any privacy-related questions or requests, contact us at:

  • Email: partner@vizby.ai
  • Subject Line: "Privacy Inquiry – [Your Shop Domain]"
  • Response Time: Within 10 business days
  • Website: vizby.ai

21.Supervisory Authorities

If you are not satisfied with our response to your privacy inquiry, you may contact your regional privacy authority:

  • EU/EEA residents: edpb.europa.eu
  • UK residents: ico.org.uk
  • California residents: oag.ca.gov/privacy
  • Canadian residents: priv.gc.ca

Questions about your privacy?

We respond within 10 business days.

Contact Us at partner@vizby.ai