Privacy Policy

Last updated: 2026-05-30

Backbone Catalog ("the App", "we") is a Shopify embedded admin application that ingests supplier PDF catalogs, classifies and extracts product information using AI, and lets merchants push the result to their Shopify storefront.

1. What we store

Catalog data: the PDF files merchants upload, the rendered page images, and the structured products / variants / images we extract from them.
Shop billing state: subscription status, page-credit balance, billing event audit trail (subscription activations, charges, page deductions).
Per-shop settings: optional Anthropic and Replicate API keys the merchant configures in Settings, image-quality preferences.
Shopify session tokens: stored to maintain the OAuth session with Shopify. Required for the App to call Shopify on the merchant's behalf.

2. What we do not store

No customer Personally Identifiable Information (PII). The App reads read_products and writes products + files; it does not read customer records, orders, or checkouts.
No payment-card data. All charges are processed by Shopify's Billing API; we never see card numbers.

3. Subprocessors

To deliver the App's functionality we share data with the following subprocessors:

Anthropic, PBC (US) — uploaded PDF page images, extracted product metadata samples (when the merchant clicks "Suggest improvements" in Settings), and cropped product images (when the merchant uses the cross-link-image flow) are sent to Anthropic's Claude API for vision classification, product extraction, hint suggestion, and image-matching. Anthropic's data-handling policy is at anthropic.com/legal/privacy. Per Anthropic's commercial-API terms, requests are not used to train Anthropic's models. Anthropic retains API request/response content for up to 30 days for abuse monitoring then deletes.
Shopify, Inc. (Canada) — the App runs as an embedded admin inside Shopify and writes products via Shopify's Admin API.
Fly.io (US, hosting) — App is deployed in Fly's Frankfurt (fra) region. Database (Fly Managed Postgres) and uploaded-PDF cache volume both reside in the EU. Encryption at rest by the underlying provider.
frankfurter.app (Germany, FX rates) — when a catalog's source currency differs from the shop currency, we request the daily ECB reference rate. ONLY ISO 4217 currency codes are sent (e.g. "USD", "EUR"). No catalog data, no shop identity, no products.
jsDelivr CDN (multi-region, FX fallback) — for currencies frankfurter.app doesn't cover (AED, SAR, etc.), we fetch from the @fawazahmed0/currency-api dataset mirrored on jsDelivr. Again, only ISO codes flow out.
Replicate, Inc. (US) — listed in Settings as a future AI image upscaling / generation feature. NOT currently wired to any code path; no Replicate API calls are made today even if the merchant enters a token.

4. Data retention and deletion

When a merchant uninstalls the App, all of their data (catalogs, snapshots, extracted products, billing state, shop settings, session tokens) is deleted within seconds via our app/uninstalled webhook handler. As a GDPR backstop, Shopify also sends a shop/redact webhook 48 hours after uninstall — our handler re-runs the same deletion.

Content-hashed PDF and rendered-image blobs on disk may persist longer than the database rows (they are deduplicated across shops) but contain no shop-identifying metadata once the corresponding Catalog row has been deleted.

5. Your rights (GDPR)

Merchants in the EU and other GDPR-covered jurisdictions may at any time:

Request a copy of stored data — email the address below.
Request deletion — uninstall the App, or email the address below. Both trigger a complete wipe.
Withdraw consent — uninstalling the App revokes all access.

6. Security

Data is stored in a managed PostgreSQL database on Fly.io (encrypted at rest by the underlying provider). All traffic to and from the App is HTTPS-only. API keys the merchant brings (Anthropic, Replicate) are stored as plaintext rows in the database — treat the database as secret-bearing. We do not have any third-party access to the database.

7. Changes to this policy

If we materially change how data is handled, we will update this page and notify merchants via an in-app banner before the change takes effect.

8. Contact

For privacy questions or data-subject requests, email privacy@backbone-catalog.app.