Privacy Policy

CatalogNow — AI Product Catalog Enrichment for Shopify • Last updated: March 22, 2026

1. Introduction

CatalogNow ("we", "our", "the app") is a Shopify application that uses artificial intelligence to enrich and optimize product catalog data. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Store Information

Shop domain — Your Shopify store URL (e.g., yourstore.myshopify.com)
Shopify session tokens — Used to authenticate API requests to your store

Product Catalog Data

Product titles, descriptions, images, categories, and tags
Product variants (SKU, price, options)
Product metafields
AI enrichment suggestions and quality scores

API Keys

OpenRouter API key — Provided by you in app settings for AI model access
Encrypted at rest using AES-256-GCM encryption

Usage Data

Audit logs of actions taken within the app (enrichments, syncs, approvals)

3. Data We Do NOT Collect

No customer personal information — We do not access customer names, emails, addresses, or any PII
No order data — We do not access orders, transactions, or payment information
No financial data — We do not process payments or access billing information
No analytics or tracking — We do not use third-party analytics, cookies, or tracking scripts
No browsing behavior — We do not monitor how you use your Shopify admin outside of CatalogNow

4. How We Use Your Data

Data	Purpose
Shop domain	Identify your store and associate products
Product data	Display in the app, send to AI for enrichment
API keys	Authenticate requests to OpenRouter for AI processing
Audit logs	Provide change history and rollback capability

5. Third-Party Data Sharing

OpenRouter (AI Processing)

When you use AI enrichment features, the following product data is sent to OpenRouter for processing:

Product titles and descriptions
Product image URLs (for vision analysis)
Product categories

OpenRouter routes these requests to the AI model you select (e.g., free models from StepFun, NVIDIA). We do not control how AI model providers process data beyond OpenRouter's terms of service. No customer PII is ever sent to AI services.

No Other Third Parties

We do not sell, rent, or share your data with any other third parties.

6. Data Storage and Security

Database: Product data is stored in a PostgreSQL database
API key encryption: Your OpenRouter API key is encrypted using AES-256-GCM before storage
Session management: Shopify session tokens are managed by the official @shopify/shopify-app-remix library
Access control: All API endpoints require valid Shopify authentication

7. Data Retention and Deletion

During Use

Product data and audit logs are retained for as long as the app is installed on your store.

On App Uninstall

When you uninstall CatalogNow:

The app/uninstalled webhook triggers automatic cleanup
All shop data, products, variants, metafields, AI optimizations, and audit logs are cascade-deleted
Your encrypted API key is deleted
Session data is removed

On Shop Erasure (GDPR)

The shop/redact webhook performs a full data purge for your store, removing all associated records from our database.

8. GDPR Compliance

CatalogNow implements all required Shopify GDPR webhooks:

Webhook	Action
`customers/data_request`	Returns confirmation that no customer PII is stored
`customers/redact`	Returns confirmation that no customer PII exists to delete
`shop/redact`	Deletes all shop data, products, audit logs, and API keys

Since CatalogNow does not collect or store any customer personal information, customer data requests and redaction requests are acknowledged with confirmation that no data exists.

9. Your Rights

You have the right to:

Access — View all data stored about your shop within the app
Correction — Edit any product data through the app interface
Deletion — Uninstall the app to trigger automatic deletion of all data
Portability — Export your product data through the Shopify admin
Restriction — Choose which products to sync and enrich

10. Children's Privacy

CatalogNow is a business tool for Shopify store owners. We do not knowingly collect data from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this document. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or your data, please contact:

Email: connect@sumvec.ai
GitHub: Open an issue