Privacy Policy
Last updated: June 28, 2026
This Privacy Policy describes how Jofflab (“we”, “us”) collects, uses, and protects information when you install and use AEO Pro (the “App”) on your Shopify store.
1. Information we collect
When you install the App, we receive from Shopify:
- Shop domain, owner email, country, currency, plan
- Product catalog data (titles, descriptions, images, prices, metadata)
- Theme files (for inserting llms.txt and structured data)
- Content (pages, blog posts) for the AI audit
We do not request access to customer personal data, orders, or payment information. The App scopes are limited to read_products, write_products, read_themes, write_themes, read_content, write_content.
2. How we use information
- Run AI-readiness audits on your store
- Query AI engines (ChatGPT, Perplexity, Gemini, Claude) to track citations of your store
- Generate AI-optimized product descriptions via large language models
- Operate and improve the App
3. Third-party service providers
Product data and content may be sent to the following processors strictly to deliver the App's features:
- Anthropic (Claude) - store audits, product description rewriting, and citation tracking queries. Citation tracking on Claude runs on the Plus tier only and uses Anthropic's web search tool, which fetches public web pages to answer; we still send only your configured keyword.
- OpenAI (ChatGPT) - citation tracking queries
- Perplexity - citation tracking queries
- Google (Gemini) - citation tracking queries
- Railway - application hosting
- Sentry - error monitoring
- PostHog - product analytics (anonymized usage)
- Google Analytics (Google) - traffic analytics for our marketing website (jofflab.com): page views, approximate location and device, set via cookies. This applies to website visitors only and does not receive your Shopify store, product, or customer data.
- Resend - transactional email
Each provider operates under its own privacy policy and data processing terms.
4. Data retention & deletion
We retain shop data for as long as the App is installed. When you uninstall the App, we process the standard Shopify GDPR webhooks (shop/redact, customers/redact, customers/data_request) and delete your shop's data within 30 days, except as required by law.
5. Security
Shopify access tokens are encrypted at rest using AES-256. All traffic between the App and Shopify, and between the App and AI providers, uses TLS 1.2+.
6. Your rights (GDPR / CCPA)
You may request a copy of your data, correction of inaccurate data, or deletion of your data at any time by emailing hello@jofflab.com. We respond within 30 days.
7. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified to the shop owner email on file.
8. Contact
Jofflab — hello@jofflab.com