StoreLingo

Privacy Policy

Effective date: May 26, 2026 · Last updated: May 26, 2026

This Privacy Policy describes how StoreLingo ("we", "us", or "our"), operated by Executio, collects, uses, and discloses information when you install and use the StoreLingo application ("App") available on the Shopify App Store. By installing the App, you agree to the practices described in this policy.

1. Data Controller

For merchants in the European Economic Area (EEA) or United Kingdom, StoreLingo acts as a data controller for the merchant's shop data and as a data processor when processing end-customer data on behalf of the merchant.

Contact: privacy@storelingo.app

2. Information We Collect

We collect the following categories of information solely to provide translation services:

2.1 Merchant & Store Data

Shop identity: store domain (myshopify.com URL), Shopify shop ID.
OAuth access token: a Shopify-issued access token scoped to the permissions you grant, used to read and write store content and translations.
Plan & billing status: your active subscription plan and word-credit usage, managed through the Shopify Billing API. We never store payment card data.
App settings: selected target languages, auto-translate preference, BYOK API key (if provided, stored encrypted), and glossary terms.

2.2 Store Content

Product titles, descriptions (body_html), and SEO fields.
Collection titles and descriptions.
Page titles and body content.
Article titles, body, and summaries.

This content is accessed exclusively to generate translations. We do not use it for any other purpose.

2.3 Translation Data

Original text and AI-generated translated text for each field and locale.
Translation status (pending, translated, approved, stale) and word counts.
Content change events detected via products/update webhooks.

2.4 Technical & Usage Data

Server-side error logs (do not contain personal customer data).
API request metadata (timestamps, response codes) for reliability monitoring.

We do not collect personal data about your store's end customers (names, emails, addresses, payment information). StoreLingo only processes store content, not customer records.

3. Legal Basis for Processing (GDPR)

For merchants subject to GDPR, our legal bases are:

Contract performance (Art. 6(1)(b)): processing necessary to deliver the translation service you subscribed to.
Legitimate interests (Art. 6(1)(f)): server error logging and reliability monitoring to maintain a secure, working service.
Legal obligation (Art. 6(1)(c)): compliance with GDPR data subject requests forwarded via Shopify's mandatory webhooks.

4. How We Use Your Data

Authenticate your store and maintain a secure session.
Retrieve store content via Shopify's Admin API for translation.
Send content to AI translation providers (see Section 6) and store results.
Publish approved translations back to your store using Shopify's Translation API.
Detect outdated translations when your products change in Shopify.
Manage subscription plans and word-credit balances via the Shopify Billing API.
Send transactional communications (e.g., plan expiry notices) to the store owner email.

We do not use your data for advertising, profiling, or any purpose unrelated to operating the App.

5. Data Sharing & Third Parties

We share data only as necessary to provide the service:

5.1 AI Translation Providers

Store content fields are sent to AI providers for translation. By default we use Anthropic (Claude) (privacy policy: anthropic.com/legal/privacy). Merchants may supply their own API key (BYOK) to use a different provider. Only the text content to be translated is sent — no personal customer data, no store access tokens.

5.2 Infrastructure Providers

Supabase (database) — our PostgreSQL database is hosted in the EU (eu-west-1, Ireland). Supabase is GDPR-compliant. Privacy: supabase.com/privacy
Vercel (hosting & serverless functions) — the App backend runs on Vercel's edge network. Privacy: vercel.com/legal/privacy-policy

5.3 Shopify

StoreLingo is built on the Shopify platform. Your use of Shopify is governed by Shopify's own Privacy Policy. We process data in accordance with Shopify's API Terms of Service.

We do not sell, rent, or otherwise disclose your data to any other third party.

6. Data Retention

While the App is installed: all shop settings, translations, and detected changes are retained to provide continuous service.
After uninstallation: we process shop data deletion within 30 days of receiving Shopify's shop/redact webhook.
Customer data: we do not store personal customer data; customer redact requests forwarded by Shopify are acknowledged and confirmed.
Logs: server error logs are retained for up to 30 days for debugging purposes.

7. International Data Transfers

Your data is stored in the EU (Ireland). AI translation providers may process content in the United States. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or the provider's adequacy certification (e.g., EU-US Data Privacy Framework) as the legal basis for the transfer.

8. Your Rights

Depending on your location, you may have the following rights regarding your data:

Access: request a copy of the data we hold about your store.
Rectification: request correction of inaccurate data.
Erasure: request deletion of your data (also triggered automatically by uninstalling the App).
Restriction: request that we limit processing of your data.
Portability: request an export of your translation data in a structured format.
Objection: object to processing based on legitimate interests.
CCPA (California residents): you have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, email us at privacy@storelingo.app. We will respond within 30 days.

9. Security

We implement industry-standard security measures: HTTPS/TLS encryption in transit, encrypted storage for sensitive credentials, and access controls limiting who can access production systems. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security but we are committed to protecting your data.

10. Cookies

StoreLingo is a Shopify embedded app and does not use tracking or advertising cookies. The app may use session cookies strictly necessary for authentication within the Shopify Admin interface.

11. Children's Privacy

The App is intended for use by Shopify merchants (businesses). We do not knowingly collect personal data from individuals under the age of 16.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the revised policy. For significant changes, we may also notify you via the Shopify Admin.

13. Contact Us

For questions, concerns, or data requests related to this Privacy Policy:

StoreLingo — Executio

Email: privacy@storelingo.app

Website: storelingo.app

If you are in the EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.