Privacy Policy

Last updated: March 2026

DropShip Intelligence ("the App") is operated by LIETL. This Privacy Policy explains how we collect, use, store and delete information when you install and use our Shopify app.

1. Information We Collect

When you install the App, Shopify provides your store's domain name and grants an OAuth access token. We use this token to publish product listings to your store when you request it. We also record your subscription plan, monthly search usage count, and install date in order to manage your billing and usage limits.

The App does not collect, access or store any personal information about your end customers.

2. How We Use Your Information

Your Shopify access token is used solely to publish product listings to your store on your instruction
Your usage count and plan are stored to enforce monthly search limits and manage your subscription
Product research queries are sent to the Anthropic API (Claude AI) on your behalf to generate product recommendations
Search history and price alert preferences are stored in Shopify metafields attached to your shop object
We do not sell, rent or share your data with any third parties for marketing purposes

3. Where Your Data Is Stored

Your Shopify OAuth access token is stored in encrypted form on our Railway.app server infrastructure located in the United States. Merchant plan data, search history and price alerts are stored directly in Shopify metafields on your own Shopify shop object — meaning this data is governed by Shopify's infrastructure and data residency policies.

4. Data Retention

    We retain your data for as long as the App is installed on your store. If you uninstall the App, your OAuth access token is deleted from our servers within 24 hours in response to Shopify's mandatory shop/redact webhook. Merchant plan data stored in Shopify metafields is deleted from Shopify's systems in accordance with your GDPR data deletion request (see Section 6). We do not retain any data beyond 90 days after uninstall.
  

5. Third-Party Services

Anthropic API — product research queries are processed by Claude AI. Subject to Anthropic's Privacy Policy. Anthropic does not use API requests to train models.
Railway.app — our server hosting provider. Located in the United States. Subject to Railway's Privacy Policy.
ExchangeRate-API — provides live currency rates. No personal data is shared.
DiceBear API — generates abstract product placeholder images from product names. No personal data is shared.

6. Your Rights (GDPR)

If you are located in the European Economic Area or United Kingdom, you have the right to:

Request access to the data we hold about your store
Request correction of inaccurate data
Request deletion of all data we hold — we will action this within 30 days
Object to or restrict processing of your data

To exercise any of these rights, email us at privacy@vify.app. We will respond within 30 days.

7. GDPR Webhooks

We support all three mandatory Shopify GDPR webhooks: customers/redact, customers/data_request and shop/redact. Upon receiving a shop/redact webhook we immediately delete all stored tokens and merchant data associated with your store.

8. Security

All communication between the App and Shopify's API uses HTTPS/TLS encryption. OAuth requests are validated using HMAC-SHA256 signatures as required by Shopify's security specifications. We do not log or store the contents of your product research queries beyond the immediate API response.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes by updating the date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact

For privacy concerns or data requests: privacy@vify.app