Privacy Policy

Last updated: April 2026

Who we are

Geopad is operated by Apex Orbis Ltd. We provide SEO and Generative Engine Optimization tools for Shopify merchants. This policy explains what data we collect, how we use it, the third parties we share it with, the lawful basis for each processing activity, and your rights.

What data we collect

From the Shopify Admin API (merchant-facing app)

When you install Geopad, we access:

  • Product data — titles, descriptions, HTML descriptions, meta titles, meta descriptions, images (URLs, widths, heights, alt text), tags, handles, vendor, product type, variants, and pricing. Used for SEO analysis, image quality auditing, and AI optimization.
  • Collection data — titles, descriptions, handles, and product associations. Used for structured data generation and content audits.
  • Blog and article data — blog titles, article titles, bodies, and publish state. Used for content-depth scoring and AI article publishing.
  • Theme data — active theme name, role, and settings (read-only). Used to audit theme health and detect missing structured-data blocks.
  • Store metadata — shop name, domain, plan, currency, and primary locale. Used for app functionality and billing enforcement.
  • Shopify staff session metadata — provided by Shopify OAuth: first name, last name, email, user ID, account owner flag, email-verified flag, access token, refresh token. This is stored by the standard @shopify/shopify-app-session-storage-prisma session handler and is used only to authenticate embedded admin requests.

Data you provide directly inside the app

  • Brand description and target keywords (for AI prompt context)
  • Tone of voice preferences
  • Automation settings (score thresholds, auto-apply preferences)

From the public audit tool on geopad.ai

The free audit tool at https://geopad.ai/audit collects the email address and storefront URL you voluntarily submit. This form is separate from the installed Shopify app and is used to return an SEO report and contact you about the product.

What we do NOT collect

  • Your customers' personal information (names, emails, addresses)
  • Customer payment or financial data
  • Browsing behaviour or analytics from your storefront visitors
  • Order or transaction details (unless you opt in to the optional read_orders scope)

How we use your data

  • SEO analysis — Product content is analysed locally against 13 SEO checks to produce per-product and per-store scores.
  • GEO auditing — Store data is evaluated for AI search readiness across 5 checks (robots.txt, llms.txt, structured data, FAQ schema, AI crawler coverage).
  • AI content generation — Product titles, HTML descriptions, meta titles, meta descriptions, image URLs, image alt text, tags, vendor, product type, and collection data are sent to the Anthropic Claude API to generate optimised alternatives. Anthropic does not use Commercial API data for training. See Anthropic's privacy policy.
  • llms.txt generation — Product catalogue data is used to generate AI-readable files served from your storefront domain.
  • Billing — Plan and usage data is used to enforce subscription limits and track AI optimisation quotas.
  • Benchmarking — Aggregated, anonymised scores across stores are used to build vertical benchmarks (VerticalBenchmark). No identifying shop data is exposed in benchmarks — only aggregate percentiles per vertical.
  • Churn analytics — When an app is uninstalled we record days active, plan, last score, and total improvements so we can understand why merchants leave and improve the product.

Lawful basis for processing (GDPR Art. 6)

For merchants located in the EU, UK, or other jurisdictions with GDPR-equivalent regimes, we rely on the following lawful bases:

  • Contract (Art. 6(1)(b)) — processing product, collection, blog, theme, and session data is necessary to provide the services you installed the app for: scanning, scoring, AI optimisation, content publishing, and billing.
  • Legitimate interest (Art. 6(1)(f)) — we aggregate anonymised scores across stores to build vertical benchmarks, and we record uninstall events to understand churn and improve the product. Shop identifiers are removed or hashed after redaction.
  • Consent (Art. 6(1)(a)) — for the public audit tool at /audit, the Google Analytics script on marketing pages, and any follow-up emails we send to audit-tool leads, we rely on your consent as expressed by submitting the form or using the marketing site.
  • Legal obligation (Art. 6(1)(c)) — we process and retain records as required to respond to Shopify GDPR webhooks (customers/data_request, customers/redact, shop/redact) and to meet our accounting obligations.

Subprocessors

We use the following subprocessors to deliver the service. Each is bound to appropriate confidentiality and data-protection obligations. EU/UK merchants may contact us at info@geopad.ai to request the applicable Data Processing Addendum or Standard Contractual Clauses.

  • Anthropic, PBC (US) — Claude API for AI content generation. Receives: product data (titles, descriptions, images, alt text, tags, vendor, product type, collection data). Commercial Terms confirm training is not performed on inputs. Privacy policy.
  • Railway (US) — application hosting and managed PostgreSQL database. Receives: all merchant-facing app data described above. Encrypted at rest; TLS in transit. Privacy policy.
  • Google Analytics (US) — page-view analytics on the public marketing site at geopad.ai. Receives: anonymised visitor IP, referrer, page URL, user-agent. Not loaded inside the Shopify admin. Privacy policy.
  • n8n (self-hosted at n8n.apexorbis.com, EU) — automation workflow that routes free-audit-tool submissions to CRM. Receives: email and storefront URL submitted via /audit.
  • HubSpot (US, EU options available) — CRM. Receives: email and storefront URL from audit-tool submissions, plus install/uninstall event metadata. Privacy policy.
  • Notion (US) — internal logging of audit-lead and install events. Receives: email, shop domain, score, plan. Privacy policy.
  • Google (Gmail, US) — email delivery for support and audit-report emails. Privacy policy.

Shopify webhooks we subscribe to

To keep your data in sync and to comply with Shopify's mandatory GDPR obligations, we subscribe to the following webhooks:

  • customers/data_request — mandatory GDPR endpoint. Triggered when a merchant's customer requests the data we hold about them. Because we store no customer personal data, we acknowledge receipt and log the event.
  • customers/redact — mandatory GDPR endpoint. Triggered 10 days after a customer redaction request. We acknowledge receipt; no customer data exists to delete.
  • shop/redact — mandatory GDPR endpoint. Triggered 48 hours after app uninstall. We delete the Store row, which cascades to all associated scans, suggestions, GEO reports, audits, content generations, topic suggestions, credit purchases, and automation runs, and we remove all sessions for the shop.
  • app/uninstalled — nulls the plan and records a churn snapshot so we can reinstall your data if you return within 48 hours.
  • app/scopes_update — recalculates permission state if Shopify changes our scope grant.
  • products/create — ingests newly-created products into the scanned-products table so dashboards stay current without a full re-scan.
  • products/delete — marks associated AI suggestions as obsolete and removes orphaned scanned- product rows when a merchant deletes a product in Shopify.

Data storage and security

Your data is stored in an encrypted PostgreSQL database hosted on Railway (US-based infrastructure). All data is transmitted over HTTPS. Access tokens are scoped, rotated by Shopify, and used only to execute admin requests you initiate or that the monthly optimisation run performs on your behalf. We do not sell or rent your data.

Data retention

  • Active install — we retain your data for as long as the app is installed on your store.
  • Uninstall — on the app/uninstalled webhook we null the plan and retain your store data so you can reinstall without re-scanning for up to 48 hours.
  • Shop redact (48 hours post-uninstall) — on the shop/redact webhook we delete all merchant data as described above.
  • Uninstall event (churn snapshot) — we retain shop domain, days active, last score, plan, and improvements count for up to 24 months for churn analysis. The row contains no customer data. It is removed when shop/redact fires.
  • Vertical benchmarks — aggregated, anonymised vertical score percentiles are retained indefinitely. No shop identifier is stored on benchmark rows.
  • Audit-tool leads — email + storefront URL submitted to /audit are retained in HubSpot and Notion until you request deletion.
  • Railway database backups — encrypted, Railway-managed; retained per Railway's retention policy (typically 7 days). Restore is tested periodically.

Logging

We log shop domain, scan identifier, route, and error context to our server logs to diagnose issues and comply with Shopify's reliability expectations. Logs are retained with our host (Railway) per their policy. Logs do not contain customer data.

Your rights

Under GDPR, UK GDPR, CCPA, and other applicable privacy laws, you have the right to:

  • Access — request a copy of all data we hold about your store
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your data at any time (or uninstall the app; after 48 hours Shopify triggers shop/redact and we erase everything)
  • Portability — request your data in a machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interest (benchmarking, churn analytics)

To exercise any of these rights, email info@geopad.ai. We respond within 30 business days.

Cookies and tracking

Inside the Shopify admin: Geopad sets no cookies and loads no third-party analytics. Authentication uses Shopify's session tokens, held server-side.

On the public marketing site (geopad.ai): we use Google Analytics (measurement ID G-DZBD16GK2D) for aggregate page-view analytics. You can block analytics via your browser's do-not-track setting or ad blocker.

International transfers

Several of our subprocessors (Anthropic, Railway, HubSpot, Notion, Google) are US-based. For EU and UK merchants, we rely on Standard Contractual Clauses (SCCs) with these subprocessors where applicable. EU/UK merchants may contact us for a Data Processing Addendum covering transfers.

Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated through the app interface. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact

For privacy questions or data subject requests, contact:

Apex Orbis Ltd
Email: info@geopad.ai