Privacy Policy
Last Updated: October 24, 2025
Grizzly AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.
1. Information We Collect
1.1 Information from Shopify
When you install and use Grizzly AI, we collect the following information through Shopify's API:
- Store Information: Your Shopify store domain, store name, and billing address (to verify Canadian location)
- Product Data: Product titles, descriptions, types, and tags to generate relevant blog content
- Blog Data: Blog IDs and article information when creating and managing blog posts
- Subscription Data: Billing subscription status for premium tier features
1.2 Information You Provide
You may provide the following information when configuring the app:
- Amazon Associates affiliate tags (if using premium tier)
- Content preferences (brand voice, keywords, word count settings)
- Scheduling preferences (posting time, timezone, frequency)
1.3 Automatically Collected Information
We automatically collect:
- App usage data (when blog posts are generated and published)
- Error logs for debugging purposes
- OAuth access tokens (stored securely for API authentication)
2. How We Use Your Information
We use the collected information to:
- Provide Core Functionality: Generate AI-powered blog posts using your product catalog
- Content Creation: Use OpenAI's GPT-4 to create SEO-optimized articles based on your products
- Image Sourcing: Fetch stock images from Pexels API to enhance blog posts
- Affiliate Integration: Insert Amazon.ca affiliate links into generated content
- Scheduling: Automatically publish blog posts at your configured time and frequency
- Billing: Process premium subscription payments through Shopify Billing API
- App Improvement: Analyze usage patterns to improve features and performance
- Support: Respond to your support requests and troubleshoot issues
3. Data Sharing and Third-Party Services
3.1 Third-Party Service Providers
We share data with the following third-party services to provide our functionality:
3.2 No Sale of Data
We do NOT sell, rent, or trade your personal information or store data to third parties for marketing purposes.
4. Data Storage and Security
We implement appropriate technical and organizational security measures to protect your data:
- Encryption: Data transmission uses HTTPS/TLS encryption
- Access Controls: Access to your data is restricted to authorized personnel only
- Secure Storage: OAuth tokens and sensitive data are stored securely using industry-standard practices
- Database Security: PostgreSQL database with secure connection credentials
- Password Protection: Any passwords are hashed using scrypt algorithm
Data Location: Your data is stored on secure servers provided by Replit and Neon (PostgreSQL database provider).
5. Data Retention
We retain your data for as long as:
- Your Shopify store has Grizzly AI installed
- You maintain an active subscription (for premium features)
- Required by law or for legitimate business purposes
When you uninstall the app, your data will be deleted within 30 days, except for:
- Anonymized usage analytics
- Data we're required to retain by law
- Published blog posts on your Shopify store (under your control)
6. Your Rights (GDPR Compliance)
Under the General Data Protection Regulation (GDPR) and similar privacy laws, you have the following rights:
- Right to Access: Request a copy of the data we hold about you
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Request limitation of processing your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, please contact us using the information below.
7. Cookies and Tracking
Grizzly AI uses minimal cookies and tracking:
- Session Cookies: For authentication and app functionality (essential)
- Local Storage: To store preview content temporarily in your browser
We do NOT use third-party tracking cookies or analytics tools that track your behavior across websites.
8. Canadian Privacy Compliance
As an application exclusively for Canadian Shopify stores, we comply with:
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- Provincial Privacy Laws where applicable
9. Children's Privacy
Grizzly AI is intended for business use only and not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Posting a notice in the app (for significant changes)
- Sending an email notification (for major changes affecting your rights)
Your continued use of Grizzly AI after changes are posted constitutes acceptance of the updated Privacy Policy.
11. Data Processing for AI Content Generation
Important Notice: When you use Grizzly AI to generate blog posts, your product information (titles, descriptions, types, tags) is sent to OpenAI's API for processing. This data is used solely to create relevant blog content and is subject to OpenAI's data processing terms. OpenAI does not use your data to train their models when using the API.
12. Shopify App Store Compliance
Grizzly AI complies with all Shopify App Store requirements including:
- Mandatory GDPR webhook subscriptions
- Data deletion and access request handling
- Secure storage of OAuth access tokens
- Use of Shopify Billing API for all payments
This Privacy Policy is effective as of October 24, 2025 and applies to all users of Grizzly AI.