Preferd← Back to home
Legal

Data Processing Addendum

Last updated: July 5, 2026

This Data Processing Addendum ("DPA") forms part of our Terms of Service and applies whenever Preferd processes data from your store on your behalf. It reflects the requirements of Article 28 GDPR. Using the app is acceptance of this DPA — no signature needed. If you need a countersigned copy for your records, email us.

Roles

For store data processed through the app, you (the merchant) are the controller and Ander Pascal Ciaurri (operating Preferd) is the processor. Shopify acts as a separate processor/controller under its own terms with you.

Subject matter, duration, nature and purpose

Processing covers the operation of Preferd: auditing and scoring your product catalog, generating and applying content optimizations you request, measuring AI visibility and AI-sourced traffic, and enforcing plan limits. It lasts while the app is installed on your store and ends with deletion on uninstall (see section 6).

Categories of data and data subjects

The app is deliberately scoped to catalog data, not people. We do not read customers, orders or payment details, and the storefront pixel stores no personal data, IP addresses or customer identifiers. Data processed:

  • Your Shopify store domain and the app's access token (encrypted at rest).
  • Product data we read to score and optimize: titles, descriptions, tags, image alt text, SEO metadata, product type/category, vendor/brand, GTIN/barcodes and metafields.
  • Computed GEO scores, the optimizations you generate and apply, and before/after snapshots used for the lift and one-click revert.
  • Your subscription plan and usage counters (to enforce plan limits).
  • AI-visibility check results and the competitors you choose to track.
  • Aggregate AI-traffic analytics: when a storefront visit or order arrives from an AI assistant (e.g. ChatGPT, Perplexity, Gemini), we record the AI source, the landing page path and the order value — in aggregate daily totals, with consent, and with no personal data, IP address or customer identifiers. Raw events are pruned after 90 days; the anonymous aggregates are kept to show your AI-traffic trend.

Data subjects are limited to you and your staff (store domain, app session) — not your customers.

Our obligations as processor

  • Process store data only to provide the service and on your documented instructions (given through the app's controls), never for our own purposes. We do not sell data or use it to train AI models.
  • Ensure persons authorized to process the data are bound by confidentiality.
  • Apply appropriate technical and organizational measures: HTTPS in transit, managed PostgreSQL at rest, server-side secrets, OAuth with least-privilege scopes, server-side authorization checks on every action.
  • Assist you with data-subject requests and with your GDPR obligations (Articles 32–36), including breach notification without undue delay after becoming aware of a personal data breach.
  • Make available the information necessary to demonstrate compliance and allow audits, which for a service of this scale we satisfy through this documentation and written answers to reasonable security questionnaires.

Subprocessors

You authorize the following subprocessors. Each receives only the data needed for its function:

  • Shopify

    Hosts your store, authorizes the app (OAuth), provides the product data we read/write, and processes all billing.

    Data shared: Store domain, app session, billing status.

  • Railway

    Application hosting and our PostgreSQL database (data at rest).

    Data shared: All data the app stores about your store (see “What we store”).

  • OpenAI

    Generates AI content suggestions when you request an optimization (server-side only, on demand, via an OpenAI-compatible API).

    Data shared: The specific product fields you choose to optimize (title, description, tags, alt text, SEO meta).

  • Perplexity

    Powers AI-visibility checks — queries an AI assistant to see whether your store is recommended.

    Data shared: Your store/brand name, product category and the buyer-style search queries used for the check.

We will update this list before adding or replacing a subprocessor. If you object to a change on reasonable data-protection grounds, your remedy is to uninstall the app, which deletes your data.

Deletion and return

Uninstalling the app permanently deletes all data tied to your store (cascade delete), and we honor Shopify's mandatory shop/redact webhook as a backstop. Because the app holds no customer personal data, customers/data_request and customers/redact return empty by design. You can export your product scores as CSV at any time before uninstalling.

International transfers

Subprocessors may process data outside the EU/EEA (e.g. in the United States). Where they do, transfers rely on appropriate safeguards — the providers' Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.

Contact

Privacy questions and data-protection requests: [email protected]. See also the Privacy Policy.