Privacy Policy | Twyk AI

This Privacy Policy explains how Twyk AI ("the Service", "we", "us") collects, uses, stores, and protects your information. The Service is operated by Twyk AI from Hungary.

1. Information We Collect

1.1 Account Information

When you install the app, we collect:

Shopify store domain and store name
Shopify OAuth access token (for API access)
Email address (if you sign in via Google)
Name and profile image (if provided by Google OAuth)

1.2 Product and Collection Data

To generate AI content, we access and temporarily cache:

Product titles, descriptions, prices, images, vendors, types, and tags
Collection titles, descriptions, and images
Product images used as references for AI generation

This data is fetched from Shopify using the OAuth scopes you approve during installation: read_products, read_product_listings, write_products, write_files.

1.3 Generated Content

We store all AI-generated content including:

Generated text (summaries, benefits, SEO metadata, collection descriptions)
Generated images (product photos, badges, social ads, collection images)
Image alt text
Credit usage, token counts, and AI model information per generation
Your feedback ratings on generated content

1.4 Billing Information

We store your subscription plan, credit balance, transaction history, and Shopify charge references. We do not collect or store payment card information. All payments are processed by Shopify.

1.5 Cookies

We use a single session cookie (sppo_session) containing your user ID and shop domain, signed with HMAC-SHA256. It expires after 7 days. We do not use tracking cookies, advertising cookies, or third-party cookie-based analytics.

1.6 Analytics

We may use Vercel Analytics and Speed Insights to collect anonymized performance metrics (page load times, web vitals). These do not track individual users or use cookies.

2. How We Use Your Information

To provide the Service: Generate AI content based on your product and collection data
To manage billing: Track credit usage, process subscriptions, and handle purchases through Shopify
To improve the Service: Analyze aggregate usage patterns, generation quality, and performance metrics
To communicate: Send service-related notifications through the Shopify admin interface

We do not sell your data. We do not use your data for advertising.

3. Data Shared with Third Parties

Provider	Data Shared	Purpose
OpenRouter / Vercel AI Gateway	Product titles, descriptions, prices, tags, and reference images	AI content generation
Shopify	Billing charges, generated images (when uploaded to your store)	Payment processing and file storage
Cloud infrastructure (Vercel, Supabase/Cloudflare R2)	All application data	Hosting, database, and image storage
Vercel Analytics (optional)	Anonymized page views and performance metrics	Service performance monitoring

4. Data Storage and Security

Data is stored in PostgreSQL databases hosted on cloud infrastructure with encryption at rest
Generated images are stored in private S3-compatible storage (not publicly accessible)
Shopify access tokens are stored securely in the database
Session cookies are cryptographically signed (HMAC-SHA256)
All connections use HTTPS/TLS encryption in transit
We do not store payment card or banking information

5. Data Retention

Active accounts: Data is retained as long as the app is installed on your store
After uninstall: Billing state is cleared immediately. All remaining data (user records, products, collections, generations, credits) is deleted within 48 hours per Shopify's GDPR requirements
Credit expiry: Credit buckets expire 6 months after purchase
Generated images: Deleted when your account data is deleted

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

Access your personal data
Rectify inaccurate data
Erase your data (right to be forgotten)
Restrict processing
Data portability
Object to processing

To exercise these rights, contact us at privacy@twyk.app. Alternatively, uninstalling the app from Shopify triggers automatic data deletion within 48 hours.

7. Customer Data

We do not access, collect, or store any data about your store's customers (shoppers). The app only accesses product catalog and collection data. Shopify's mandatory GDPR customer data requests are acknowledged but result in no action since we hold no customer data.

8. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service constitutes acceptance.

10. Contact

For privacy-related questions or requests, contact us at privacy@twyk.app.

Data Controller: Twyk AI, Hungary