Privacy Policy
Updated 23 April 2026
1. Data Controller
| Company | Iisivuokra Oy |
|---|---|
| Contact person | Kimmo Lehtilä |
| Email | [email protected] |
| Service | Shopivibe (shopivibe.app) |
2. Name of the Register
User register of the Shopivibe service.
3. Purpose of Processing Personal Data
We process personal data for the following purposes:
- Service delivery — Connecting your Shopify store, managing app projects, and AI-powered app generation.
- Billing and subscriptions — Managing subscription information through Stripe.
- AI features — Processing chat messages for app design and generation.
- Service improvement — Analysing anonymous usage data to improve the service.
- Communication — Service-related communication with users.
4. Legal Basis for Processing
- Contract (GDPR Art. 6(1)(b)) — Providing the service requires processing certain personal data. When you register and use Shopivibe, a licence agreement is formed.
- Legitimate interest (GDPR Art. 6(1)(f)) — Technical operation of the service, security, and abuse prevention (e.g. demo rate limiting by IP address).
5. Personal Data Processed
5.1 Shopify Store Data
- Store domain (e.g. mystore.myshopify.com)
- Email address (provided at registration)
5.2 App Project Data
- Project name and description
- App specifications (AI-generated)
- Chat messages (user-written and AI-generated responses)
- Generated app files
5.3 Billing Data
- Selected subscription plan
- Credits used and token counts
- Billing is handled through Shopify — we do not process payment card details
5.4 Technical Data
- IP address (for demo rate limiting, not stored permanently)
- Session identifiers (cookies for Shopify OAuth login)
6. Regular Sources of Data
- Shopify OAuth — Store details and merchant information are received from Shopify's login process.
- User-provided data — Chat messages, project descriptions, and settings.
- Shopify Billing API — Subscription and billing information.
7. Disclosure of Data and Subprocessors
We use the following subprocessors to deliver the service:
| Subprocessor | Purpose | Location |
|---|---|---|
| Anthropic (Claude API) | AI features: chat, app design and generation | United States |
| Railway | Server and database hosting | United States |
| Shopify | Login, billing, and store integration | Canada / United States |
| GitHub | Storage of generated app code (during deploy) | United States |
We do not sell, rent, or otherwise disclose personal data to third parties for marketing purposes.
8. International Data Transfers
Some of our subprocessors are located in the United States. Transfers of data outside the EU are made under the following safeguards:
- EU–U.S. Data Privacy Framework (DPF)
- EU Standard Contractual Clauses (SCC)
- Subprocessors' own data protection commitments
9. Security
- All data in transit is encrypted via HTTPS
- The database is secured and access is restricted
- Shopify OAuth tokens are stored encrypted
- Server access is restricted to authorised personnel
- We do not store passwords — login is handled via Shopify OAuth
10. Cookies
Shopivibe uses only strictly necessary cookies to maintain the Shopify OAuth session. We do not use analytics, marketing, or tracking cookies.
11. Your Rights
Under the EU General Data Protection Regulation (GDPR), you have the following rights:
- Right of access — The right to know what data we hold about you.
- Right to rectification — The right to have inaccurate data corrected.
- Right to erasure — The right to request deletion of your data ("right to be forgotten").
- Right to restriction — The right to restrict processing of your data in certain circumstances.
- Right to data portability — The right to receive your data in a machine-readable format.
- Right to object — The right to object to processing based on legitimate interest.
To exercise your rights, contact us by email: [email protected]
You also have the right to lodge a complaint with a supervisory authority. In Finland: tietosuoja.fi
12. Retention Periods
- Active use — Data is retained for as long as the Shopivibe app is installed in your Shopify store.
- App uninstall — When you uninstall Shopivibe, your data is deleted within 30 days. An automatic webhook triggers the deletion process.
- Backups — Data is removed from database backups within 90 days.
- Demo usage data — IP addresses used for demo rate limiting are held in memory only and cleared on server restart.
13. Changes to This Policy
We reserve the right to update this privacy policy. Material changes will be communicated through the service. We recommend checking this page periodically.
14. Contact
For privacy-related questions, please contact:
Iisivuokra Oy
[email protected]