Privacy Policy

1. Introduction

Welcome to ContentPilot AI. This Privacy Policy explains how Gubler - Multimedia und Print ("we", "us", or "our") collects, uses, and protects your information when you use our Shopify application.

By installing and using ContentPilot AI, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Store Information

When you install ContentPilot AI, we collect:

• Store name and Shopify domain
• Store owner email address
• Store URL and basic store settings
• OAuth access tokens (securely stored and encrypted)

2.2 Content Data

To provide our AI-powered content services, we access and temporarily process:

• Product descriptions, titles, and metadata
• Collection information
• Blog articles and pages
• Store policies
• Theme content and translations
• Navigation menus

2.3 Usage Data

We collect information about how you use the app:

• Features used and actions performed
• Translation and content generation requests
• API usage and performance metrics
• Error logs and debugging information

2.4 Subscription Information

If you subscribe to a paid plan:

• Subscription plan and billing cycle
• Payment status (processed by Shopify)
• Usage limits and current usage

3. How We Use Your Information

We use the collected information for:

• Service Delivery: To generate and translate the specific store content you request
• Content Processing: To send the content you select to the AI provider you configured, using your own API key, solely to produce the requested output
• Technical Support: To troubleshoot issues and provide customer support
• Billing Management: To process subscriptions and manage plan limits
• Security: To detect and prevent fraud, abuse, and security issues
• Compliance: To comply with legal obligations and enforce our terms

4. Third-Party Services

4.1 AI Service Providers

ContentPilot AI sends store content to a third-party AI provider only when you explicitly trigger an AI generation or translation action, and onlyusing your own API key that you configure in the app's settings.ContentPilot AI does not provide a shared or operator-owned API key: without your own key, no content is ever sent to any AI provider. Depending on the provider you choose, the content you submit (e.g. product titles, descriptions, SEO fields, store policies, image URLs) is sent to one of the following providers:

• Hugging Face: Text generation and translation
• Google Gemini: Text generation and translation
• Anthropic Claude: Text generation and translation
• OpenAI: Text generation and translation
• Grok (X.AI): Text generation and translation
• DeepSeek: Text generation and translation

Content is sent solely to produce the output you requested. It is processed transiently by the provider to generate a response and is not used byContentPilot AI to train any machine-learning or AI models. The handling of your content by each provider is governed by that provider's own terms and privacy policy. Most of these providers process data on infrastructure located outside the European Union (for example, in the United States); by selecting a provider and submitting content you consent to this international transfer (see also Section 9). Please review the respective privacy policies:

• Hugging Face: https://huggingface.co/privacy
• Google: https://policies.google.com/privacy
• Anthropic: https://www.anthropic.com/privacy
• OpenAI: https://openai.com/privacy
• Grok (X.AI): https://x.ai/legal/privacy-policy
• DeepSeek: https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html

4.2 Shopify Platform

ContentPilot AI is built on the Shopify platform. Your store data is stored in accordance with Shopify's Privacy Policy.

4.3 Hosting & Infrastructure

Our application is hosted on Railway.app, which provides secure cloud infrastructure. Data is stored in encrypted databases within the EU region.

5. Data Storage and Security

5.1 Data Storage

We store the following data in our secure database:

• Store credentials (encrypted)
• AI provider API keys (encrypted with AES-256)
• Cached content for performance optimization
• Subscription and billing information
• Usage statistics and logs

5.2 Security Measures

We implement industry-standard security practices:

• SSL/TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Secure OAuth 2.0 authentication
• Regular security audits and updates
• Access controls and authentication
• Automated backups

5.3 Data Retention

• While Installed: Your store data is retained for as long as the app is installed
• On Uninstall (immediate): Authentication/session data is deleted immediately when you uninstall the app
• On Uninstall (remaining data): All remaining store data is deleted in response to Shopify's shop/redact request (typically about 48 hours after uninstall) and, as a guaranteed fallback, no later than 30 days after uninstall by an automated cleanup job
• Operational Data: Transient data such as background jobs, webhook logs and performance caches is pruned within days by routine maintenance
• Legal Requirements: GDPR compliance audit logs are retained for 3 years (Art. 5(2) GDPR accountability); other legally required data may be retained longer

6. Data Sharing and Disclosure

We do NOT sell, rent, or trade your data. We only share data in the following circumstances:

• With AI Providers: Only the content necessary for processing
• With Shopify: As required by the Shopify platform
• Legal Requirements: If required by law or legal process
• Business Transfer: In the event of a merger or acquisition
• With Your Consent: Any other sharing only with your explicit permission

7. Your Rights (GDPR & Privacy)

You have the following rights regarding your data:

• Access: Request a copy of your data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (uninstall the app)
• Export: Request a machine-readable export of your data
• Restriction: Request limitation of data processing
• Objection: Object to certain types of processing
• Portability: Transfer your data to another service

To exercise these rights, please contact us at gublerra@gmail.com

8. Cookies and Tracking

ContentPilot AI uses minimal cookies and tracking:

• Session Cookies: Required for authentication and app functionality
• Shopify Cookies: Set by the Shopify platform
• No Third-Party Tracking: We do not use third-party analytics or advertising cookies

9. International Data Transfers

Your data is primarily stored in EU data centers. If you are located outside the EU, your data may be transferred to and processed in the EU. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy

ContentPilot AI is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top
• Sending a notification within the app
• Sending an email to your store's email address

Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

13. Shopify App Store Requirements

This app complies with Shopify's App Store Requirements and Shopify API Terms.