Privacy Policy

Last updated: March 27, 2026

This Privacy Policy describes how ProductIndex ("we", "us", or "our") collects, uses, and protects information when you install and use the ProductIndex Analytics Shopify app ("the App").

Information We Collect

When you install the App, we collect and store:

• Shop information: Your Shopify store domain and the OAuth access token required to call the Shopify Admin API on your behalf. Access tokens are encrypted at rest using AES-256-GCM.
• Product and review data: Product metadata and customer reviews fetched from your store via the Shopify Admin API (metaobjects scope). This data is stored in our database to power analytics features.
• AI provider credentials (optional): If you choose to supply your own AI API key (OpenAI, Anthropic, Google Gemini, or xAI Grok), that key is encrypted at rest using AES-256-GCM and stored only to process your store's requests. We never use your key for any purpose other than serving your store.
• Usage data: Aggregate counts of AI analysis calls made on your behalf when you use our managed AI tier.

How We Use Your Information

• To provide the App's features: sentiment analysis, semantic search, and analytics dashboards.
• To generate vector embeddings from your product reviews for similarity search.
• To authenticate your store's ongoing API requests via the stored access token.
• To calculate managed-tier usage for billing purposes.

We do not sell, rent, or share your store's data or customer data with third parties for marketing purposes.

Customer Data

Reviews fetched from your store may contain customer-authored text. This content is stored solely to provide analytics to you, the merchant. We do not use customer review content for any purpose unrelated to your store's analytics.

Data Retention and Deletion

We honor all Shopify mandatory privacy webhooks:

• Shop redact (GDPR): When you uninstall the App and 48 hours have elapsed, Shopify sends a shop redact webhook. We permanently delete all data associated with your store — including your access token, products, reviews, and usage records.
• Customer data request (GDPR): If a customer requests a copy of their data, we will provide any stored review content associated with their customer ID to you within 30 days of receiving the request.
• Customer redact (GDPR): If a customer requests deletion of their data, we permanently delete any stored review content associated with their customer ID within 30 days of receiving the request.

Security

All data is stored on AWS infrastructure (US West — Oregon region). OAuth access tokens and AI API keys are encrypted at rest. Data is transmitted over HTTPS/TLS. We follow AWS security best practices including least-privilege IAM policies and Secrets Manager for credential storage.

Third-Party Services

Depending on your configuration, review text may be processed by the following AI providers to generate sentiment scores and embeddings:

• AWS Bedrock (default managed tier) — processed in the US West region
• OpenAI — if you supply your own OpenAI API key
• Anthropic — if you supply your own Anthropic API key
• Google Gemini — if you supply your own Gemini API key
• xAI Grok — if you supply your own Grok API key

Each provider's own privacy policy governs how they handle API request data. We only send review text to the provider you have selected.

Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects when changes were last made. Continued use of the App after changes constitutes acceptance of the updated policy.

Contact

For privacy inquiries, data requests, or to report a concern, contact us at privacy@productindex.ai.

ProductIndex Website Visitors

This section applies to visitors of productindex.ai, separate from the Shopify app above.

Information collected

The productindex.ai website does not require account creation and does not collect personal information directly. The Site uses Google Analytics 4 to collect anonymous usage data including pages visited, time on page, browser type, and general geographic region. Google Analytics sets cookies (_ga, _ga_8XKCZC5N4Q) in your browser to distinguish visitors and sessions. This data is processed by Google under their privacy policy and is used solely to understand how the Site is used.

Cookies

The Site currently sets analytics cookies via Google Analytics. No other cookies are set. You may opt out of Google Analytics tracking via the Google Analytics opt-out browser add-on.

No sale of data

We do not sell, rent, or share website visitor data with third parties for marketing purposes.

Contact for website privacy

For questions about data collected through the productindex.ai website, contact privacy@productindex.ai.