Privacy Policy

This Privacy Policy describes how Proofly ("we," "us," or "our"), developed and operated by JP Antsjoha / AlphaHive, collects, uses, and protects information when you install and use the Proofly application on the Shopify platform.

By installing or using Proofly, you agree to the practices described in this Privacy Policy. If you do not agree, please uninstall the application.

1. What Data We Collect

Proofly is a Store Readiness Intelligence System. We collect only the data necessary to perform catalog quality audits and generate improvement recommendations for your Shopify store.

1.1 Store and Product Catalog Data

• Store information: Your shop domain, plan type, timezone, currency, country, and store configuration details
• Product catalog data: Product titles, descriptions, body HTML, vendor, product type, tags, status, and SEO metadata (meta title, meta description)
• Product media: Image URLs and existing ALT text for product images
• Product variants: SKU, barcode (GTIN), price, inventory quantities, and variant-level attributes
• Metafields: Existing product metafields relevant to catalog quality and Agent Readiness validation
• Product collections: Collection membership for catalog structure analysis
• Store policies: Refund policy, shipping policy, and privacy policy content (for quality assessment)

1.2 Account and Usage Data

• Shopify session tokens: Used to authenticate API requests
• Subscription and billing status: Your current Proofly plan tier (Starter, Growth, or Scale)
• Audit activity: Records of audits run, findings generated, fix operations applied, and rollback events
• Application settings: Your configured preferences within the app

1.3 What We Do Not Collect

• No customer PII: We do not access, collect, or store any customer personal data (names, emails, addresses, order history, payment information)
• No sensitive personal information: No social security numbers, financial account details, or health-related data
• No browsing history: We do not track your activity outside of the Proofly application
• No marketing data: We do not access your customer email lists, marketing segments, or customer behavioural data

2. How We Use Your Data

2.1 Core Service Delivery

• Catalog quality analysis: Analysing product titles, descriptions, images, and metafields to identify quality issues
• AI-powered recommendations: Generating suggested improvements using Google Vertex AI (Gemini)
• Fix application and rollback: Applying approved corrections and maintaining a full change history
• Audit history and proof ledger: Maintaining an auditable record of all changes made by Proofly

2.2 Service Operations

• Authentication and authorisation: Verifying your identity and store ownership
• Subscription management: Enforcing your plan tier entitlements based on your active billing subscription
• Performance and reliability: Monitoring application health and processing audit jobs

2.3 Service Improvement

We may use anonymised, aggregated metrics to improve Proofly's detection algorithms. This data cannot be traced back to any individual store. We do not use your data for advertising, profiling, or any purpose unrelated to delivering the Proofly service.

3. Data Storage and Security

3.1 Storage Infrastructure

Your data is stored in a PostgreSQL database hosted on Google Cloud SQL in the us-central1 (Iowa, United States) region. Google Cloud maintains SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, and PCI DSS compliance certifications.

3.2 Security Measures

• Encryption in transit: All data is encrypted using TLS (Transport Layer Security)
• Encryption at rest: All stored data is encrypted using AES-256 encryption via Google Cloud SQL
• Access controls: Database access is restricted to Proofly application services only via least-privilege service accounts
• Multi-tenant isolation: Each store's data is logically isolated by a unique tenant identifier
• Authentication: Shopify OAuth 2.0 — we never store your Shopify password
• Network security: Services run in isolated VPC networks with firewall rules

4. Third-Party Services (Subprocessors)

Proofly relies on the following infrastructure providers. Each is bound by data processing agreements. We do not sell your data to any third party.

4.1 Google Vertex AI (Gemini)

Product content data is transmitted to Google Vertex AI's Gemini API to generate quality improvement suggestions, under Google Cloud's Data Processing and Security Terms. Google does not use this data to train its general AI models under our enterprise agreement.

4.2 No Advertising or Analytics Third Parties

We do not integrate with Google Analytics, Facebook Pixel, or any third-party advertising or behavioural analytics services. We do not place tracking cookies on your browser.

5. Cookies and Tracking

Proofly uses only the cookies and session tokens required for Shopify embedded app authentication. We do NOT use persistent tracking cookies, advertising cookies, or cross-site tracking technologies.

6. Data Retention

6.1 Active Subscription

While your subscription is active, we retain your store configuration, audit history, fix run history, and change ledger. Product catalogue change history is retained for 30 days (Growth plan) or 90 days (Scale plan).

6.2 App Uninstallation and Data Deletion

When you uninstall Proofly, we initiate a cascading deletion of all data associated with your store. This deletion is permanent and irreversible.

6.3 Shopify Compliance Webhooks

Proofly implements all three mandatory Shopify compliance webhooks: customers/data_request, customers/redact, and shop/redact.

7. International Data Transfers

Proofly is operated from the United Kingdom. Your data is stored in the United States (Google Cloud us-central1). For EEA/UK merchants, data transfers are made pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission.

8. Your Rights

8.1 General Rights (All Merchants)

You have the right to access, correct, delete, and port your data, and to object to specific processing activities.

8.2 GDPR Rights (EEA/UK Residents)

Under GDPR, you additionally have the right to restriction of processing, withdrawal of consent, and to lodge a complaint with your local data protection authority. Our legal basis for processing is contract performance.

8.3 CCPA Rights (California Residents)

California residents have the right to know, delete, and opt-out of the "sale" of personal information. Note: Proofly does not sell personal information. To exercise rights, contact us here. We will respond within 45 days.

9. Data Breach Notification

In the unlikely event of a data breach, we will notify affected users within 72 hours of becoming aware and provide details of the breach, affected data, and remediation steps.

10. Children's Privacy

Proofly is a business application not directed at individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Proofly application. Continued use of Proofly after changes constitutes acceptance of the updated policy.

12. Contact Us

Proofly (AlphaHive / JP Antsjoha)
Submit a privacy request
We will respond to privacy-related requests within 30 days (GDPR) or 45 days (CCPA).