Preferd← Back to home
Legal

Privacy Policy

Last updated: June 26, 2026

This policy explains what data Preferd (“we”, “us”) collects when you install and use the app, how we use it, who we share it with, and your rights. We only collect what we need to score and optimize your catalog. We never sell your data.

Who we are

Preferd is a Shopify app operated by Ander Pascal Ciaurri. You can reach us about privacy at [email protected].

What we store

When you install Preferd you authorize it (via Shopify OAuth) to read and write your products. We request the minimum scopes needed (read_products, write_products). We store:

  • Your Shopify store domain and the app's access token (encrypted at rest).
  • Product data we read to score and optimize: titles, descriptions, tags, image alt text, SEO metadata, product type/category, vendor/brand, GTIN/barcodes and metafields.
  • Computed GEO scores, the optimizations you generate and apply, and before/after snapshots used for the lift and one-click revert.
  • Your subscription plan and usage counters (to enforce plan limits).
  • AI-visibility check results and the competitors you choose to track.

We do not access or store your customers’ personal data, orders, or payment details. We do not place cookies or trackers beyond what Shopify’s embedded-app framework requires to keep you signed in.

How we use your data

  • To compute a deterministic GEO score for each product and show you what to improve.
  • To generate AI content suggestions when you request an optimization, and to apply them to your store when you approve.
  • To measure whether AI assistants recommend your store (AI-visibility checks) and to compare you against your sector.
  • To enforce your plan’s limits and process billing via Shopify.
  • To provide support and keep the service secure and reliable.

We do not use your data to train AI models, and we do not sell, rent or share it for advertising.

Who we share it with (subprocessors)

We rely on a small number of trusted providers to run Preferd. Each only receives the data needed for its function:

  • Shopify

    Hosts your store, authorizes the app (OAuth), provides the product data we read/write, and processes all billing.

    Data shared: Store domain, app session, billing status.

  • Railway

    Application hosting and our PostgreSQL database (data at rest).

    Data shared: All data the app stores about your store (see “What we store”).

  • DeepSeek

    Generates AI content suggestions when you request an optimization (server-side only, on demand).

    Data shared: The specific product fields you choose to optimize (title, description, tags, alt text, SEO meta).

  • Perplexity

    Powers AI-visibility checks — queries an AI assistant to see whether your store is recommended.

    Data shared: Your store/brand name, product category and the buyer-style search queries used for the check.

We may also disclose data if required by law, or to protect our rights and the safety of users.

Data retention & deletion

We keep your data only while the app is installed. When you uninstall Preferd, we permanently delete your store’s data (cascade delete of all records tied to your shop), and we honor Shopify’s mandatory GDPR webhooks:

  • customers/data_request — we hold no customer personal data, so there is nothing to return.
  • customers/redact — no customer data is stored to redact.
  • shop/redact — we erase all data associated with your store.

Security

Data is transmitted over HTTPS and stored in a managed PostgreSQL database. Access tokens and API keys are kept as server-side secrets, never exposed to the browser. All calls to Shopify and third-party AI providers happen server-side. We apply least-privilege scopes and server-side checks on every action.

Your rights

Depending on your location (e.g. the EU/EEA under GDPR), you may have the right to access, correct, export or delete your data, and to object to certain processing. You can exercise these rights at any time by uninstalling the app (which deletes your data) or by contacting us at [email protected].

International transfers

Our providers may process data in countries outside your own. Where required, transfers rely on appropriate safeguards such as the providers’ Standard Contractual Clauses.

Changes to this policy

We may update this policy as the app evolves. We will revise the “Last updated” date above and, for material changes, notify you in-app. Continued use after changes means you accept the updated policy.