This Privacy Policy explains how Specably (“we”, “us”) handles information in connection with the Specably app for Shopify (the “App”) and the specably.com website (the “Site”).
Our role. For data in a merchant’s Shopify store, the merchant is the data controller and Specably acts as a processor on the merchant’s behalf. For the Site and our business records, we are the controller.
What the App accesses. With the merchant’s authorization, the App accesses, via Shopify’s API, product/catalog data (titles, descriptions, variants, metafields, product images, collections, tags) and store content (pages, blog posts, and store policies such as shipping/returns/FAQ). The App requests only these scopes: read_products, read_content, read_themes, read_locales. The App does not request or access orders, customers, checkout data, or any Shopify Protected Customer Data.
Content the App generates and stores. The App uses AI to draft question-and-answer content and product spec/comparison content from the data above. Generated content is stored in the merchant’s Shopify metafields and in our application database, and is published only as configured/approved by the merchant.
Shopper-submitted questions. Shoppers may submit product questions through a form on the merchant’s storefront. These are processed as anonymous free text. We do not require a login and do not collect or store shopper IP addresses, device fingerprints, names, or emails. Shoppers are asked not to include personal information; if a shopper voluntarily includes personal data in the text, the merchant (as controller) is responsible for it and it is subject to deletion on request and on app uninstall.
Website data. The Site uses privacy-friendly, cookieless analytics (Cloudflare Web Analytics) that do not use tracking cookies or collect personal data. If you contact us, we process the information you provide to respond.
Sub-processors. We use the providers listed on our Sub-processors page (AI model provider, hosting, anti-spam, analytics, email) to operate the App. They process data only as needed to provide their service.
International transfers. Data may be processed in the regions where Specably and its sub-processors operate. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses).
Retention & deletion. We retain merchant store data only as long as the App is installed. On uninstall, we honor Shopify’s shop/redact request and delete the store’s data within 30 days. We also honor customers/redact and customers/data_request requests.
Security. We use encryption in transit and at rest, access controls, and least-privilege practices. No method is 100% secure, but we work to protect your data.
Your rights. Depending on your location (e.g., GDPR/UK GDPR/CCPA), you may have rights to access, correct, delete, or restrict processing of personal data. Merchants can exercise these for store data; end users should contact the relevant merchant (controller). Contact us at [email protected] for help.
Children. The App is for businesses and is not directed to children.
Changes. We may update this policy; we’ll change the “Last updated” date and, for material changes, notify merchants.
Contact. Specably, [email protected]. A postal address is available on request.