Privacy Policy

1. Introduction

Welcome to Crawl-It-Not ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify app (the "Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

We are committed to protecting your privacy and handling your data responsibly in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Shop and Merchant Information

When you install and use our app, we collect the following information about your Shopify store:

• Shop domain and shop ID
• OAuth access tokens and session information
• Store administrator information (name, email, account owner status) - only for authentication purposes

2.2 Product and Content Data

When you use our LLM.txt synchronization feature, we access the following product information from your Shopify store (only when you explicitly enable this feature):

• Product titles, descriptions, and metadata
• Product prices and variants
• Product vendors, types, and tags
• Collection information
• Product URLs

Important: This product data is only accessed when you enable the auto-sync feature or manually sync your LLM.txt file. The data is used solely to generate the LLM.txt file for your store and is not stored permanently in our database beyond what is necessary for the sync operation.

2.3 Configuration and Settings Data

We store your app configuration and settings, including:

• Rulesets and crawl policies you create
• robots.txt and LLM.txt configurations
• Auto-sync settings and preferences
• Product feed validation rules and results
• Custom agent configurations

2.4 Access and Activity Logs

When you use our crawl activity tracking features, we may log:

• Endpoint access information (which URLs were accessed)
• Bot/user agent information (for identifying crawlers)
• IP addresses (anonymized for privacy)
• Response codes and timestamps

2.5 Google Search Console Data (Optional)

If you choose to connect your Google Search Console account:

• OAuth tokens for accessing Google Search Console API
• Crawl analytics and indexing data from Google Search Console
• Property information (URL, name)

This integration is optional and only occurs if you explicitly connect your Google Search Console account.

3. Information We Do NOT Collect

We want to be clear about what we do not collect:

• Customer Personal Data: We do not collect, store, or access customer names, email addresses, phone numbers, shipping addresses, or any other personal information about your customers.
• Order Data: We do not collect order information, payment details, or transaction data.
• Payment Information: We do not access credit card numbers, payment methods, or financial information.
• Customer Behavior Data: We do not track individual customer browsing behavior, purchase history, or preferences.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Providing and Operating the Service: To enable you to manage robots.txt and LLM.txt files, create rulesets, configure crawl policies, and sync product data.
• Authentication and Security: To authenticate your Shopify store and maintain secure sessions.
• Product Data Synchronization: To generate and update your LLM.txt file with product information when you enable the auto-sync feature.
• Analytics and Monitoring: To track crawl activity, analyze bot behavior, and provide insights about your storefront access.
• Improving the Service: To understand how the app is used and make improvements.
• Support and Communication: To respond to your inquiries and provide customer support.

5. Data Storage and Retention

We store your data on secure servers using industry-standard security measures. Your data is retained as follows:

• Active Use: Data is retained while your app is installed and in use.
• After Uninstallation: Upon app uninstallation, we initiate deletion of your data within 48 hours, in compliance with Shopify's data retention requirements.
• Compliance Requirements: We may retain certain data for longer periods if required by law or to comply with legal obligations.

When you uninstall the app, we delete:

• All session and authentication tokens
• All configuration and settings data
• All access logs and analytics data
• All connected integrations (e.g., Google Search Console tokens)

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• Service Providers: We may use third-party service providers (such as hosting providers, database services) who are bound by confidentiality obligations.
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred, subject to this Privacy Policy.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: You can request access to the personal information we hold about you.
• Correction: You can request correction of inaccurate or incomplete information.
• Deletion: You can request deletion of your data (subject to legal retention requirements).
• Data Portability: You can request a copy of your data in a machine-readable format.
• Opt-Out: You can disable certain features (like auto-sync) at any time through the app settings.

To exercise these rights, please contact us at the email address provided in the Contact section below.

Note: You can also uninstall the app at any time through your Shopify admin, which will trigger automatic deletion of your data as described in Section 5.

8. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption of data in transit using HTTPS/TLS
• Secure storage of authentication tokens
• Regular security assessments and updates
• Access controls and authentication requirements
• Compliance with Shopify's security standards

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

9. Compliance Webhooks

In compliance with Shopify's requirements and privacy regulations (GDPR, CCPA), we implement and respond to mandatory compliance webhooks:

• Data Request Webhooks: If a customer requests their data, Shopify may notify us. As we do not store customer personal data, we respond accordingly.
• Redaction Webhooks: If customer data deletion is requested, we ensure no customer data is retained.
• Shop Redaction: When you uninstall the app, we delete all associated data.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

This Privacy Policy is effective as of December 2024 and applies to all users of the Crawl-It-Not Shopify app.