Privacy Policy

Last updated: April 2026

ShopMentions ("we", "our", or "us") is a Shopify app that helps merchants understand how their brand and products appear in AI-generated responses. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

When you install ShopMentions, we collect:

• Store information — your Shopify store domain, store name, and primary domain URL.
• Product data — product titles, handles, and types from your Shopify catalog (read-only). Used to generate relevant search queries.
• Brand profile — your brand name, website URL, and competitor domains you provide through the app.
• Scan results — AI-generated responses, brand mentions, cited sources, and visibility scores produced when we run queries on your behalf.
• Billing data — subscription status and credit balance. Payment processing is handled entirely by Shopify; we do not store payment card information.

How We Use Your Data

• To run AI visibility scans and return results to you.
• To track your brand's AI visibility over time.
• To manage your subscription and credit balance.
• To send notifications about new scan results (if enabled).
• To diagnose errors and improve the service via anonymised error logs.
• To produce anonymised, aggregated research and reports on AI recommendation trends. This data never identifies individual stores or merchants.

We do not sell your data to third parties or use it for advertising purposes.

Third-Party Services

To provide the service, we share limited data with the following third-party providers:

• Perplexity AI — to retrieve AI-generated search results. Queries contain product or brand names only, not personal data.
• OpenAI — to process and verify scan results. This includes normalising brand names, verifying brand mentions, extracting structured insights, and fact-checking AI claims against your product data. Queries contain brand/product names and AI response text only — no store credentials or customer data.
• Anthropic (Claude) — to process and analyse scan results. Same scope as OpenAI — brand/product names and AI response text only, no store credentials or customer data.
• Google (Gemini) — to process and analyse scan results. Same scope as OpenAI — brand/product names and AI response text only, no store credentials or customer data.
• Supabase — our database provider, hosted in the United States.
• Sentry — for error monitoring. Error reports may include anonymised request metadata.

Data Retention

We retain your scan results and brand data for as long as your account is active. If you uninstall ShopMentions, all of your store's data is deleted from our systems when Shopify sends the mandatory shop data erasure webhook, typically within 48 hours of uninstall.

Your Rights (GDPR)

If you are in the European Economic Area, you have the right to access, correct, or delete personal data we hold about your store. To exercise these rights, contact us at support@shopmentions.com.

ShopMentions does not store personal data about your customers. The only personal data we hold is your Shopify store domain and any contact information associated with your Shopify account.

Security

All data is transmitted over HTTPS. Database access is restricted to our application servers. We use Shopify's OAuth flow for authentication and never store your Shopify admin credentials.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via in-app notification. Continued use of ShopMentions after changes constitutes acceptance of the updated policy.

Questions? Email support@shopmentions.com