Sevrank AI is a Shopify app that generates SEO-optimized, brand-aligned content for products and collections, allows merchants to review changes, publishes approved content back to Shopify, and (on paid tiers) reports on the organic performance of those changes via integrations with Google Analytics 4 and Google Search Console.

We are committed to handling merchant and store data in compliance with Shopify’s API License and Terms of Use, the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA/CPRA).

When you install the App, we collect:

• Shopify store identifier (myshopify.com domain), shop name, plan, country, currency, primary contact email, and timezone.
• Product data: titles, descriptions, handles, tags, SEO fields (title, meta description), images, alt text, prices, and metafields you authorize the App to read.
• Collection data: titles, descriptions, handles, SEO fields, and rules you authorize the App to read.
• Brand inputs you provide: tone-of-voice notes, target keywords, banned words, positioning statements, and example copy (Pro and Advanced tiers).
• Generated content history: AI-generated drafts and a diff of what was published, retained for audit history and analytics.
• Subscription and billing status (managed by Shopify) including plan, billing cycle, and trial state.
• Account credentials only as required for OAuth integrations you explicitly authorize (e.g., GA4, Search Console). We never receive or store your Google or other third-party passwords.

When you visit our Site, we collect standard server logs (IP address, user agent, referrer, timestamp) and limited analytics events (pages viewed, button clicks) for the purpose of improving the Site.

We use data to:

• Provide the App's core functionality: generate content, render previews, push approved changes to your Shopify store, and surface analytics.
• Personalize AI output to your brand using the brand inputs you provide.
• Operate billing, manage your subscription, and apply usage limits.
• Communicate with you about service updates, security notices, billing, and (with consent) product news.
• Detect, prevent, and respond to abuse, fraud, and security incidents.
• Improve the App in aggregate. Improvement metrics are derived from de-identified usage; we do not train AI models on your store-specific content without your explicit, opt-in consent.
• Comply with legal obligations and respond to lawful requests.

Sevrank uses the following sub-processors to operate the App. Each processes only the minimum data required for its function:

Sub-processors may change as we evolve the App. The current list will always be reflected here. For changes that materially affect data handling, we will notify administrators by email at least 30 days in advance where feasible.

When you install Sevrank, the App requests OAuth scopes necessary to read your products, collections, and store metadata, and to write content updates back when you approve them. We only request scopes that are essential to the App’s functions.

We do not access or store: customer PII, order details, payment data, draft orders, fulfillment data, or any data unrelated to product and collection content unless explicitly required for an opt-in feature you have enabled.

We comply with Shopify’s mandatory privacy webhooks:

• customers/data_request — we do not store customer data; if a request is received, we confirm there is none to disclose.
• customers/redact — we do not store customer data; the request is acknowledged.
• shop/redact — within 30 days of receipt, we delete all data associated with the requesting shop from our production systems and within 90 days from any backups.

When you generate content, the relevant product or collection text and your brand inputs are sent to our AI model provider, Anthropic (Claude API), to produce a draft. Anthropic processes this data under their published enterprise data-handling terms. Specifically:

• Inputs and outputs are not used to train Anthropic's foundation models.
• Anthropic retains inputs only as long as required to generate the response (typically up to 30 days, for abuse-monitoring purposes).
• We do not send unrelated store data, customer information, or order data to Anthropic.

If you would like to disable AI generation entirely while retaining other features, contact us — we can configure your account accordingly.

Our marketing Site uses a minimal set of cookies and storage:

• Strictly necessary cookies for session continuity.
• First-party privacy-respecting analytics (no cross-site tracking, no advertising profiles).

The App itself, when embedded in the Shopify admin, uses only cookies and storage required for session and CSRF protection. We do not use third-party advertising trackers inside the App.

• Generated content drafts and diffs: retained for the lifetime of your account so you can review the audit history. You can purge them on request.
• Brand guidelines: retained for the lifetime of your account.
• Server logs: retained for 30 days, then deleted.
• Billing records: retained for 7 years to meet tax and accounting obligations.
• Account data after uninstall: deleted within 30 days from production systems and within 90 days from backups, except billing records as required by law.

We protect your data with:

• TLS 1.2+ for all data in transit.
• Encryption at rest for OAuth tokens, API keys, and brand inputs (AES-256).
• Principle of least privilege for staff access; access is logged and reviewed.
• Secrets isolated from application code via environment-scoped vaults.
• Regular dependency and vulnerability scanning.
• Incident response plan with notification to affected merchants within 72 hours of a confirmed personal-data breach, in line with GDPR Article 33.

No system is perfectly secure. If you believe you have found a vulnerability, please email security@sevrank.ai.

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ('right to be forgotten').
• Request data portability (receive a machine-readable export).
• Object to or restrict certain processing.
• Withdraw consent for opt-in features at any time.
• Lodge a complaint with your local data protection authority (e.g., the UK ICO, your EU member state DPA, or the California Privacy Protection Agency).

To exercise any of these rights, email privacy@sevrank.ai. We respond within 30 days.

When you uninstall Sevrank from your Shopify store, we receive a Shopify webhook indicating the uninstall. Within 30 days, we delete:

• Your OAuth access tokens.
• All product/collection metadata and generated content drafts associated with your shop.
• Your brand guideline inputs.
• All third-party integration credentials (GA4, Search Console).

Backup copies are purged within 90 days. Billing records required for tax and accounting are retained for 7 years in accordance with applicable law.

Sevrank operates globally. Your data may be processed in the United Kingdom, the European Union, and the United States. Where data is transferred outside the UK/EEA, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses (SCCs), or an adequacy decision, whichever is applicable.

Sevrank is a B2B tool for merchants. The App and Site are not directed to children under 16, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notice or email to administrators at least 30 days before they take effect. The “Effective date” at the top of this page reflects the most recent revision.

For privacy questions, data requests, or any concern about this policy: