Privacy Policy

Last updated: January 17, 2025

1. Introduction

Shott.ai (“we,” “our,” or “us”) is committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other regional privacy regulations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.

Our Commitment: We never sell your personal data to third parties. Your data is used solely to provide and improve our services.

2. Data Controller Information

Data Controller: Shott.ai
Contact Email: privacy@shott.ai
Data Protection Officer: dpo@shott.ai
Jurisdiction: Ireland

3. Information We Collect

3.1 Information from Shopify APIs

When you install our app, we access the following data through Shopify's APIs:

  • Store information (name, domain, email, owner details)
  • Product data (titles, descriptions, images, variants, prices, inventory)
  • Customer information (only if explicitly granted permission)
  • Order information (only if required for video generation features)

3.2 Information You Provide Directly

  • Account registration information
  • Video customization preferences and settings
  • Support tickets and communication
  • Billing information (processed by Shopify)
  • Feedback and survey responses

3.3 Automatically Collected Information

  • Usage data and analytics (features used, video generation statistics)
  • Log data (IP addresses, browser type, access times)
  • Device information (operating system, browser version)
  • Performance metrics and error reports

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our video generation services as agreed in our Terms of Service
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud
  • Consent: For marketing communications and optional features
  • Legal Obligations: To comply with applicable laws and regulations

5. How We Use Your Information

We use the collected information for the following purposes:

  • Generate AI-powered product videos using your product data
  • Provide, maintain, and improve our services
  • Process transactions and manage your subscription
  • Send service-related notifications and updates
  • Respond to support requests and provide customer service
  • Analyze usage patterns to enhance user experience
  • Ensure security and prevent fraudulent activities
  • Comply with legal obligations and Shopify requirements
  • Send marketing communications (with your consent)

6. Data Sharing and Third-Party Services

We never sell your personal data. We only share your information with trusted service providers necessary for our operations:

  • Google Cloud Platform: Infrastructure, data storage, and processing
  • Firebase (Google): Authentication and real-time database
  • AI Service Providers: Video generation and content creation
  • Shopify: App integration, billing, and payment processing
  • Analytics Providers: Usage tracking and performance monitoring
  • Email Service Providers: Transactional and marketing emails

All third-party providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection laws
  • Certification under approved frameworks (e.g., EU-US Data Privacy Framework)

8. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection best practices
  • Incident response procedures for potential breaches
  • Regular backups and disaster recovery plans

9. Data Retention

We retain your data for different periods based on the type of information and purpose:

  • Active Account Data: Retained while your account is active
  • Generated Videos: 90 days after creation (unless you save them)
  • Usage Analytics: 24 months for performance analysis
  • Support Communications: 3 years for quality assurance
  • Financial Records: As required by tax laws (typically 7 years)

When you uninstall our app, we delete or anonymize your personal data within 30 days, except where retention is required by law.

10. Your Rights Under GDPR

If you are in the European Economic Area, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (“right to be forgotten”)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your supervisory authority

To exercise these rights, contact us at privacy@shott.ai. We will respond within 30 days.

11. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, and share
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

12. Shopify Compliance

We comply with Shopify's privacy requirements for app partners:

  • We subscribe to mandatory GDPR webhooks for data subject requests
  • We handle customer data request webhooks within 30 days
  • We process customer redact and shop redact webhooks
  • We maintain a Data Processing Agreement with Shopify
  • We only request necessary API permissions for our functionality

13. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze usage patterns and improve our services
  • Provide security and prevent fraud

You can control cookies through your browser settings. Disabling certain cookies may limit functionality.

14. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we discover we have collected information from a child under 18, we will promptly delete it.

15. Marketing Communications

We may send you marketing communications about our products and services with your consent. You can opt out at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Updating your communication preferences in your account
  • Contacting us at privacy@shott.ai

16. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Notify affected users without undue delay
  • Provide information about the breach and mitigation steps
  • Document the breach and our response actions

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the “Last updated” date
  • Sending an email notification for significant changes
  • Requesting renewed consent where required by law

18. Contact Information

For privacy-related questions, concerns, or to exercise your rights:

Shott.ai

Privacy Team Email: privacy@shott.ai

Data Protection Officer: dpo@shott.ai

Support: support@shott.ai

Website: https://shott.ai

Address: Dublin, Ireland

EU Representative: For GDPR matters, our EU representative can be contacted at eu-rep@shott.ai

Supervisory Authority: You have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at www.dataprotection.ie