Privacy Policy

Last updated: May 25, 2026

Who we are

superAEO ("we", "us") is a Shopify app operated by Ashi Digital LLP that tracks how AI search engines (ChatGPT, Gemini, Perplexity, Claude, DeepSeek) cite your store. This policy explains what data we collect, why, and how long we keep it.

What we collect from your Shopify store

• Store metadata: store name, primary domain, shop handle (e.g. yourstore.myshopify.com).
• Products: titles, types, tags, vendor names. Used to auto-generate tracking prompts and build your llms.txt file.
• Collections: titles and handles. Used as the organizational unit in your dashboard.
• Online store pages and content: read-only, used to score AI readiness.
• Themes: read-only, used to check structured-data and crawlability signals.

We do not request access to customer data, orders, or payment information. Our scopes are: read_products, read_content, read_themes, read_online_store_pages.

What we send to third-party AI providers

To produce visibility tracking, we send the prompts you configure (e.g. "best winter boots 2026") to the following AI APIs:

• OpenAI (ChatGPT / GPT-4o)
• Google (Gemini)
• Perplexity (sonar-pro)
• Anthropic (Claude Sonnet for generation; Claude Haiku for response analysis)
• DeepSeek

The full text of the AI response is then analyzed by Anthropic Claude to extract whether your brand was cited, by which competitors, with what sentiment, and which sources were referenced. None of these providers receive your customer data, only the public prompt text and the resulting public response.

What we store

• Your configured prompts and their tracking history (visibility scores, citations, competitor mentions).
• Aggregated weekly gap reports and improvement plans we generate for your store.
• Authentication session tokens issued by Shopify (required to function as an embedded app).
• Subscription state (plan tier, trial dates, Shopify subscription ID).

Data is stored on managed infrastructure: Neon (PostgreSQL, AWS us-east-2) for the database, Fly.io for application hosting. Both providers offer encryption at rest and in transit.

How long we keep data

• While your store is installed: we retain all tracking data so you can review historical trends.
• After uninstall: Shopify fires a shop/redact webhook 48 hours after uninstall. Within 30 days of that signal, we delete all data associated with your store. You can request immediate deletion by emailing the address below.

GDPR mandatory webhooks

We implement Shopify's three compliance webhooks:

• customers/data_request: superAEO does not collect customer-level data; we acknowledge the request and confirm none is stored.
• customers/redact: same, nothing to delete because nothing is stored.
• shop/redact: triggers full deletion of all store-related rows in our database.

Cookies and tracking

superAEO is an embedded Shopify app and does not set marketing or analytics cookies. The only cookies in use are the session cookies required by Shopify App Bridge for authentication inside Shopify Admin.

Children

superAEO is a B2B tool for Shopify merchants. We do not knowingly collect or process personal data from anyone under the age of 16.

Changes to this policy

If we materially change what we collect or how we use it, we'll update the "Last updated" date above and notify active subscribers by email at least 30 days before the change takes effect.

Contact

Privacy questions, data requests, or deletion requests: privacy@superaeo.app