Privacy policy.

When you connect your Shopify store, OptAEO accesses your product data — titles, descriptions, images, prices, variants, metafields — through the Shopify Admin API. We also collect your email address and store domain during signup. We do not access customer data, orders, or payment information.

Product data is used solely to scan for quality issues, generate AI-powered fixes, compute AEO scores, and run compliance checks. We do not sell, rent, or share your product data with third parties.

AI processing is performed via API calls to language-model providers — Anthropic (Claude), OpenAI (GPT-4o-mini), Google (Gemini), and Perplexity. Your data is sent as input, processed to generate the requested fix, and not stored by these providers beyond the request lifecycle. None of the providers we use train models on your data under their default API contracts.

Your data is stored in Supabase (PostgreSQL) with row-level security enabled. Data is encrypted at rest and in transit. Our infrastructure is hosted on Vercel (serverless) and Supabase (AWS, eu-central-1).

We retain your product data for as long as your account is active. When you uninstall the app or delete your account, all associated product data is permanently deleted within 30 days.

OptAEO requests two Shopify API scopes: read_products (to read your catalog) and write_products (to apply fixes). These are the minimum permissions needed to operate. You can revoke access at any time by uninstalling the app from your Shopify admin.

We use essential cookies only — to maintain your session. We do not use advertising cookies or third-party trackers, and we do not inject any tracking onto your storefront.

If you connect GA4 analytics (optional, Business plan and above), this is your own Google Analytics property — we read aggregate metrics only.

You can request a copy of your data, correction of inaccurate data, or deletion of your data at any time by emailing support@optaeo.ai.

If you are in the EU/EEA, you have rights under the GDPR including data portability and the right to lodge a complaint with a supervisory authority. If you are in California, you have rights under the CCPA including the right to know what personal information we collect.

OptAEO acts as a data processor on behalf of the merchant (the data controller) for product data. We process data based on the contractual necessity of providing the service.

For AI processing, data is transmitted to model providers via encrypted API calls and is not used to train models. Sub-processors include Supabase (data hosting), Vercel (application hosting), Anthropic, OpenAI, Google, and Perplexity (AI inference).

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be notified by email. Continued use of OptAEO after changes constitutes acceptance of the updated policy.

For any inquiry — privacy, support, or legal — email support@optaeo.ai.