Selofy

Privacy Policy for Max AI Alt Text Optimizer

Effective Date: January 10, 2025 Last Updated: October 12, 2025

Introduction

This Privacy Policy explains how Max AI Alt Text Optimizer ("the App", "we", "us", or "our") collects, uses, stores, and protects data when you use our Shopify application. We are committed to protecting your privacy and ensuring transparency about our data practices.

B2B Application Notice: Max AI Alt Text Optimizer is a Business-to-Business (B2B) application designed for Shopify merchants. We only collect and process data related to store owners and store operations, NOT end customer data.

By installing and using the App, you agree to the collection and use of information in accordance with this policy.

1. Data We Collect

1.1 Store Information

We collect the following information from your Shopify store:

  • Shop domain and name: To identify your store and provide app functionality
  • Product data: Product titles, descriptions, and image URLs
  • Collection data: Collection titles and image URLs
  • Blog data: Blog article titles and image URLs
  • Store language settings: To generate alt text in your store's language

1.2 Image Data

  • Image URLs: We access publicly available image URLs from your Shopify store
  • Existing alt text: We read existing alt text to determine optimization needs
  • Image metadata: To track optimization status and history

1.3 App Usage Data

  • Optimization operations: Records of when and how you use the app (AI optimize, auto format, manual edits)
  • Automation settings: Your preferences for automated optimization schedules
  • Usage statistics: Monthly quota usage for billing purposes

1.4 Authentication and Session Data

  • Shopify access tokens: Encrypted offline access tokens to perform operations on your behalf
  • Session data: We store merchant session information including:
    • User ID (Shopify merchant ID)
    • First name and last name (shop owner)
    • Email address (shop owner's email)
    • Locale and timestamps

Important: This is B2B (Business-to-Business) application data. We store merchant/shop owner information, NOT end customer data.

We do NOT collect: End customer personal data, customer order information, customer payment details, customer email addresses, or any customer purchase history. All data collected is related to the store owner (merchant) only.

2. How We Use Your Data

2.1 Primary Purposes

We use the collected data for the following purposes:

  • Alt text generation: To analyze images and generate SEO-optimized descriptions
  • App functionality: To scan, display, and update image alt text in your store
  • Automation: To perform scheduled optimization tasks based on your settings
  • Service improvement: To enhance app performance and user experience
  • Billing and quota management: To track usage and manage subscription plans

2.2 Data Processing Principles

  • We process only the minimum data required for app functionality
  • Data is used exclusively for stated purposes
  • We respect your control over automation and optimization settings
  • No data is sold to third parties for marketing purposes

3. AI Service Providers

3.1 Third-Party AI Services

To generate alt text descriptions, we send image URLs only to the following AI service providers:

  • Zhipu AI (GLM-4.5V) - Primary AI model
  • SiliconFlow (GLM-4.5V) - Backup AI model

3.2 Data Sent to AI Providers

  • Image URLs: Publicly accessible URLs from your Shopify store
  • Shop context: Store name and description to improve alt text relevance
  • No customer data: We do not send any customer personal information

3.3 AI Provider Data Policies

  • AI providers process image URLs to generate text descriptions
  • Image analysis is performed in real-time and not stored by AI providers
  • We recommend reviewing the privacy policies of Zhipu AI and SiliconFlow

4. Data Storage and Security

4.1 Data Storage

  • Database: We use PostgreSQL to store shop settings, optimization history, and usage statistics
  • Location: Data is stored on secure servers in [cloud infrastructure]
  • Retention: Active data is retained for the duration of your subscription

4.2 Security Measures

  • Encryption in transit: All data transmission uses HTTPS/TLS encryption
  • Encryption at rest: Database credentials and access tokens are encrypted
  • Access control: Limited staff access with authentication and logging
  • Separation: Test and production environments are strictly separated

4.3 Data Access

  • Only authorized personnel have access to backend systems
  • Access is logged and monitored for security purposes
  • We do not share your data with unauthorized third parties

5. Data Retention

5.1 Retention Periods

  • Active subscription data: Retained while your subscription is active
  • Optimization history: Kept for 12 months for analytics and support
  • Usage statistics: Retained for billing and quota tracking purposes
  • Inactive accounts: Data may be deleted 90 days after app uninstallation

5.2 Data Deletion

Upon app uninstallation or account closure, we automatically handle data deletion through Shopify's mandatory webhooks:

  • Customer Data Requests: We respond to GDPR data requests via customers/data_request webhook
  • Customer Data Redaction: We automatically delete merchant session data via customers/redact webhook
  • Shop Data Deletion: Complete shop data removal via shop/redact webhook upon app uninstallation

Manual Requests: You may also request complete data deletion at any time by contacting us at support@selofy.com.

6. Your Rights and Choices

6.1 Data Control

You have the following rights regarding your data:

  • Access: Request a copy of your stored data
  • Correction: Update inaccurate information through the app settings
  • Deletion: Request complete data deletion after uninstalling the app
  • Opt-out: Disable automation features at any time through settings
  • Portability: Export your optimization history and settings
  • Automation features are disabled by default
  • You explicitly enable automation through app settings
  • You can modify or disable automation schedules at any time
  • Automation respects your quota limits and will not proceed if limits are exceeded

7. Compliance with Privacy Regulations

7.1 GDPR Compliance (European Union)

For users in the EU, we comply with GDPR requirements:

  • Lawful basis for processing: Legitimate interest and contractual necessity
  • Right to access, rectification, erasure, and data portability
  • Data processing agreements with third-party services
  • Notification of data breaches within 72 hours

7.2 CCPA Compliance (California)

For California residents:

  • Right to know what data is collected and how it's used
  • Right to request deletion of personal information
  • Right to opt-out of data "sales" (we do not sell data)

7.3 Other Jurisdictions

We strive to comply with applicable privacy laws in all jurisdictions where the App is used.

8. Cookies and Tracking

8.1 Session Management

  • We use session cookies for authentication within the Shopify embedded app
  • Cookies are essential for app functionality and are not used for tracking

8.2 Analytics

  • We may use anonymized analytics to improve app performance
  • No personal identifiers are included in analytics data

9. Data Sharing and Disclosure

9.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your data to third parties for marketing purposes.

9.2 Limited Disclosure

We may share data only in the following circumstances:

  • With your consent: When you explicitly authorize data sharing
  • Service providers: With trusted third parties that help us operate the app (e.g., hosting, AI services)
  • Legal obligations: To comply with legal requirements, court orders, or government requests
  • Business transfers: In the event of a merger, acquisition, or sale of assets (you will be notified)

10. Security Incident Response

10.1 Incident Detection

We monitor systems for security incidents and unauthorized access attempts.

10.2 Response Protocol

In the event of a data breach:

  • We will investigate and contain the incident immediately
  • Affected users will be notified within 72 hours
  • We will provide details about the breach and mitigation steps
  • Incidents will be reported to relevant authorities as required by law

11. Children's Privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

  • Notification: We will notify you of significant changes via email or in-app notification
  • Effective date: Updated policies take effect 30 days after notification
  • Review: We recommend reviewing this policy periodically

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

14. Shopify App Store Requirements

This Privacy Policy is designed to comply with Shopify's App Store requirements and best practices for handling merchant data. For more information about Shopify's privacy standards, visit the Shopify Partner Program Agreement.

Thank you for trusting Max AI Alt Text Optimizer with your store's image optimization needs.

Frequently Asked Questions

Common questions about Max AI Alt Text Optimizer

On this page

Privacy Policy for Max AI Alt Text OptimizerIntroduction1. Data We Collect1.1 Store Information1.2 Image Data1.3 App Usage Data1.4 Authentication and Session Data2. How We Use Your Data2.1 Primary Purposes2.2 Data Processing Principles3. AI Service Providers3.1 Third-Party AI Services3.2 Data Sent to AI Providers3.3 AI Provider Data Policies4. Data Storage and Security4.1 Data Storage4.2 Security Measures4.3 Data Access5. Data Retention5.1 Retention Periods5.2 Data Deletion6. Your Rights and Choices6.1 Data Control6.2 Automation Consent7. Compliance with Privacy Regulations7.1 GDPR Compliance (European Union)7.2 CCPA Compliance (California)7.3 Other Jurisdictions8. Cookies and Tracking8.1 Session Management8.2 Analytics9. Data Sharing and Disclosure9.1 We Do NOT Sell Your Data9.2 Limited Disclosure10. Security Incident Response10.1 Incident Detection10.2 Response Protocol11. Children's Privacy12. Changes to This Privacy Policy13. Contact Us14. Shopify App Store Requirements