Last updated: February 23, 2026
1. Introduction
CristaGEO ("we", "our", "the app") is a Shopify application developed by Frantend. This privacy policy explains how we collect, use, and protect information when you install and use CristaGEO on your Shopify store.
By installing CristaGEO, you agree to the practices described in this policy.
2. Information We Collect
2.1 Store Data
When you install CristaGEO, we access the following Shopify store data through the Shopify Admin API:
- Product information: titles, descriptions, images, vendors, product types, variants, barcodes, and metafields
- Store information: shop domain and locale settings
2.2 Data We Do NOT Collect
CristaGEO does not collect, store, or process:
- Customer personal data (names, emails, addresses, payment info)
- Order details or transaction data (beyond anonymous AI-attribution analytics)
- Browsing behavior or tracking cookies
- Any data from your store's visitors or customers
3. How We Use Your Data
We use the product data we access exclusively to:
- Analyze your product catalog for SEO and AI-readiness (scoring, missing fields detection)
- Generate AI-powered enrichment suggestions (descriptions, metafields, structured data)
- Inject Schema.org structured data into your storefront via our theme extension
- Generate an LLMs.txt file to improve your store's visibility to AI search engines
- Track score progression over time to measure optimization impact
4. Data Storage and Security
- Product analysis data is stored in an encrypted database hosted on Fly.io infrastructure located in Paris, France (CDG region).
- Shopify access tokens are encrypted using AES-256-CBC before storage.
- All data transfers use HTTPS/TLS encryption.
- We do not share, sell, or transfer your data to third parties, except for AI processing through OpenAI's API (product titles and descriptions only, no personal data).
5. Third-Party Services
CristaGEO uses the following third-party services:
6. Data Retention
- Your data is retained for as long as CristaGEO is installed on your store.
- Upon uninstallation, your session data is immediately deleted.
- Upon receiving a shop/redact webhook from Shopify, all store data (products, scans, suggestions, enrichment history) is permanently deleted within 48 hours.
- You can also manually delete all your data at any time from the Settings page within the app.
7. GDPR & Privacy Compliance
CristaGEO complies with Shopify's mandatory privacy webhooks:
- customers/data_request — CristaGEO does not store customer data. We acknowledge these requests and respond accordingly.
- customers/redact — CristaGEO does not store customer data. No action is required.
- shop/redact — All store-related data is permanently deleted upon receiving this request.
As CristaGEO does not collect or process personal data of your customers, GDPR data subject requests (access, rectification, erasure) regarding end customers are not applicable to our service.
8. Shopify API Scopes
CristaGEO requests only the minimum necessary permissions:
- read_products — to analyze your product catalog
- write_products — to apply enrichment suggestions (metafields) to your products
- read_content — to access store content for SEO analysis
- write_files — to generate and host the LLMs.txt file
9. Your Rights
You have the right to:
- Access all data CristaGEO holds about your store (visible in the app dashboard)
- Delete all your data at any time via Settings > Delete all data
- Uninstall the app at any time, which triggers automatic data cleanup
- Contact us for any privacy-related questions or requests
10. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. Continued use of CristaGEO after changes constitutes acceptance of the revised policy.
11. Contact
For any questions or concerns regarding this privacy policy or your data, contact us at:
Frantend
Email: contact@frantend.fr
Website: frantend.fr