Privacy Policy

Last updated: January 14, 2025

1. Introduction

Prodshot AI ("we", "our", or "us") operates as a Shopify application that provides AI-powered product image generation services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application available at prodshot.ai and through the Shopify App Store.

By installing and using Prodshot AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not install or use our application.

2. Information We Collect

2.1 Information from Shopify

When you install our app through Shopify's OAuth process, we collect and access:

  • Store Information: Store name, URL, domain, contact email, timezone, and currency
  • Product Data: Product names, descriptions, SKUs, variants, and existing product images
  • Media Files: Access to read and write product images to your Shopify media library
  • Billing Information: Subscription status and usage data for billing purposes (processed through Shopify Billing API)
  • Shop Owner Information: Name and email address of the shop owner for account management

2.2 Information You Provide

  • Scene Data: Custom background images you upload for scene creation
  • AI Prompts: Text descriptions you provide for AI-generated scenes
  • Generation Preferences: Quality settings, scene selections, and product selections for image generation
  • Support Communications: Any information you provide when contacting our support team

2.3 Automatically Collected Information

  • Usage Data: Features used, generation history, job status, and timestamps
  • Technical Data: Browser type, IP address, access times, and referring URLs
  • Session Data: Authentication tokens and session identifiers for maintaining your logged-in state
  • Error Logs: Technical error information for debugging and service improvement

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide and maintain our AI image generation service
  • Image Generation: To process your product images and generate AI-enhanced product photography using your selected scenes
  • Image Storage: To store generated images temporarily before uploading to your Shopify store
  • Billing and Payments: To process subscription payments and track usage-based billing through Shopify's Billing API
  • Service Communications: To send service updates, billing notifications, and respond to support requests
  • Service Improvement: To analyze usage patterns, improve our AI models, and develop new features
  • Security: To detect, prevent, and address technical issues and fraudulent activity
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Data Processing and AI Services

Our service uses artificial intelligence to generate product images. Here's how your data is processed:

  • Image Processing: Your product images are temporarily processed to remove backgrounds and prepare them for scene integration
  • AI Generation: Product images and scene data are sent to NanoBanana AI (our AI service provider) to generate final product photography
  • Temporary Storage: Generated images are temporarily stored during the review and approval process
  • Final Upload: Approved images are uploaded directly to your Shopify store's media library
  • Data Deletion: Temporary processing data is automatically deleted after image generation is complete

5. Data Storage and Security

5.1 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmission uses HTTPS/TLS encryption
  • Authentication: Secure OAuth 2.0 authentication with Shopify
  • Access Controls: Role-based access controls and authentication tokens
  • Database Security: Encrypted database connections and secure credential storage
  • Regular Updates: Regular security patches and updates to our infrastructure

5.2 Data Storage Locations

  • Application Data: Stored on Railway's secure infrastructure
  • Generated Images: Temporarily stored on AWS S3 with encryption at rest
  • Database: PostgreSQL database with encrypted connections

6. Third-Party Services

We use the following third-party services to provide our application:

6.1 Shopify

  • Purpose: App hosting, OAuth authentication, and billing
  • Data Shared: Store information, product data, and billing information
  • Privacy Policy: shopify.com/legal/privacy

6.2 NanoBanana AI

  • Purpose: AI-powered image generation
  • Data Shared: Product images, scene data, and generation parameters
  • Data Retention: Images are processed and not retained by NanoBanana after generation

6.3 Amazon Web Services (AWS S3)

  • Purpose: Temporary image storage
  • Data Shared: Generated product images
  • Security: Encrypted storage with restricted access
  • Privacy Policy: aws.amazon.com/privacy

6.4 Railway

  • Purpose: Application hosting and infrastructure
  • Data Shared: Application data and database
  • Privacy Policy: railway.app/legal/privacy

7. Data Retention

We retain your data according to the following schedule:

  • Active Accounts: Data is retained while your account is active and the app is installed
  • Generated Images: Temporarily stored for 30 days after generation, then automatically deleted from our servers (images uploaded to your Shopify store remain in your control)
  • Scene Data: Custom scenes are retained while your account is active
  • Usage History: Billing and usage data retained for 7 years for accounting and legal compliance
  • After Uninstallation: Most data is deleted within 30 days of app uninstallation, except billing records required for legal compliance
  • Backup Data: Backup copies are retained for 90 days for disaster recovery purposes

8. Your Rights and Choices

8.1 GDPR Rights (European Economic Area)

If you are located in the EEA, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to data processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

8.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights:

  • Right to Know: Request information about data collection and use
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

8.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@prodshot.ai. We will respond to your request within 30 days. You may also uninstall the app at any time through your Shopify admin, which will trigger data deletion processes.

9. Cookies and Tracking

We use essential cookies and similar technologies to:

  • Authentication: Maintain your logged-in session
  • Preferences: Remember your settings and preferences
  • Security: Protect against fraudulent activity

We do not use tracking cookies, advertising cookies, or third-party analytics tools. All cookies are essential for the operation of the service.

10. Children's Privacy

Our service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Compliance with applicable data protection frameworks

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach
  • Notify relevant supervisory authorities as required by law
  • Provide information about the nature of the breach and steps being taken
  • Offer guidance on protective measures you can take

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last updated" date at the top of this policy
  • For material changes, we will notify you via email or through the app
  • Continued use of the service after changes constitutes acceptance of the updated policy
  • We encourage you to review this policy periodically

14. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our services
  • Legitimate Interests: Service improvement, security, and fraud prevention
  • Legal Obligation: Compliance with applicable laws and regulations
  • Consent: Where you have provided explicit consent for specific processing activities

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: support@prodshot.ai
  • Website: prodshot.ai
  • Response Time: We aim to respond to all inquiries within 48 hours (Monday-Friday, 9 AM - 6 PM CET)

For GDPR-related requests, please include "GDPR Request" in your email subject line. For CCPA-related requests, please include "CCPA Request" in your email subject line.

16. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

17. Do Not Sell My Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We only share data with service providers as necessary to operate our service, as described in this Privacy Policy.