Privacy Policy

Last Updated: November 2024

This Privacy Policy describes how the Shopline AI Image Editor application ("App", "we", "us", or "our") collects, uses, and shares information when you install and use our application through the SHOPLINE platform.

---

1. Information We Collect Through SHOPLINE APIs

When you install and use our App, we collect the following information through SHOPLINE's APIs:

Store Information

• Store handle (unique identifier)
• Merchant ID
• Shop name
• OAuth access tokens (for authentication purposes)

Product Data

• Product titles and identifiers
• Product images (URLs and image content)
• Product status information

Subscription & Billing Data

• Subscription ID and plan details
• Billing cycle information
• Payment records and transaction history
• Usage limits and consumable balances

---

2. Information We Collect Directly from Merchants

In addition to data obtained through SHOPLINE APIs, we may collect:

Account Information

• Email address (optional, for support communications)
• Contact preferences

Usage Data

• Monthly image edit counts
• Feature usage patterns
• Edit history including:
  • Original image URLs
  • Editing prompts/instructions
  • Edited image URLs
  • Timestamps and status

Technical Data

• App installation and uninstallation events
• Session information
• Error logs for troubleshooting

---

3. Information We Collect from Merchant Customers

Our App does not directly collect personal information from your customers.

However, please note:

• We process product images that may appear on your storefront
• We do not place cookies on customer devices
• We do not use tracking technologies to collect customer data
• We do not access customer personal information, purchase history, or browsing behavior

All image processing occurs on server-side systems and does not involve direct interaction with your customers' devices.

---

4. How We Use Collected Information

Primary Purposes (App Functionality)

• Authenticate your store and maintain secure sessions
• Retrieve and process product images for AI-powered editing
• Send images to our AI service provider (Google Generative AI) for processing
• Upload edited images to your SHOPLINE Media Library
• Track usage against your subscription plan limits
• Process subscription payments and manage billing

Secondary Purposes

• Provide customer support and respond to inquiries
• Troubleshoot technical issues and improve app stability
• Comply with legal obligations
• Protect against fraud and unauthorized access

What We Do NOT Do

• We do not sell your data to third parties
• We do not use your product images for training AI models
• We do not share your data for advertising purposes
• We do not access data beyond the scope required for app functionality

---

5. Third-Party Service Providers

We share information with the following third-party services to provide our App functionality:

Service Provider	Purpose	Data Shared
Google Generative AI (Gemini)	AI image processing	Product images (as base64 data)
SHOPLINE Platform	Authentication, media storage	OAuth tokens, edited images
Vercel	Application and database hosting	Technical logs, all app data (PostgreSQL)

All third-party providers are contractually obligated to protect your data and use it only for the specified purposes.

---

6. Data Retention

We retain your data for the following periods:

Data Type	Retention Period
OAuth Access Tokens	Until expiration (as issued by SHOPLINE) or app uninstallation
Subscription Records	Duration of subscription + 7 years (for legal/accounting)
Usage Data	Duration of subscription + 1 year
Edit History	Duration of subscription
Payment Records	7 years (legal requirement)

Data Deletion

When you uninstall the App:

• All merchant OAuth credentials are immediately deleted
• Webhook subscriptions are removed
• Token cache is cleared

Data Preserved for Reinstall Continuity: The following data is intentionally preserved to allow you to seamlessly resume your subscription if you reinstall the app:

• Subscription records
• Usage history
• Payment records
• Consumable balances
• Edit history

Complete Data Deletion: To request complete deletion of all your data (including preserved records), please contact us at the address below. We will process your request within 30 days.

---

7. Data Storage Location and International Transfers

Company Location

Vicino, Inc. is headquartered in Bellevue, WA, USA.

Data Storage

• Primary data is stored on servers located in the United States
• Database services are hosted on cloud infrastructure in the United States

International Transfers

Your data may be processed outside of Europe in the following circumstances:

• Google Generative AI: Images are processed on Google's servers (primarily US-based)
• Vercel: Application hosting (global edge network)
• SHOPLINE: Platform data processing

For transfers outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable
• Supplementary security measures

---

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: All data transmitted via HTTPS/TLS
• Authentication: OAuth 2.0 with SHOPLINE, token refresh mechanisms
• Access Control: Data isolated by store handle
• Webhook Security: HMAC-SHA256 signature verification
• Database Security: Encrypted connections, access logging

---

9. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data
• Portability: Request data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Request limited processing of your data

To exercise these rights, please contact us using the information below.

---

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending notification through the SHOPLINE app interface (for significant changes)

---

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Vicino, Inc.

• Email: support@vicino.ai
• Support URL: https://vicino.ai/support
• Address: Bellevue, WA, USA

For EU residents, you may also contact our Data Protection Officer at privacy@vicino.ai.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

---

12. SHOPLINE Merchants

This App is designed for use by SHOPLINE merchants. By installing this App, you acknowledge that:

1. You are responsible for ensuring your use of the App complies with applicable privacy laws
2. You should inform your customers if edited product images affect their privacy
3. You maintain your own privacy policy that covers your store's data practices
4. Your use of the App is also governed by SHOPLINE's Terms of Service and Privacy Policy

---

This Privacy Policy is effective as of the "Last Updated" date above.