← Blog Smith

Blog Smith — Privacy Policy

Last updated: 28 June 2026

This Privacy Policy explains what data the Blog Smith Shopify app ("Blog Smith", "we", "us") accesses, why, how it is stored, and your rights. Blog Smith is a content-creation tool that runs inside your Shopify admin.

1. Summary — Protected Customer Data Level 0

Blog Smith is classified at Protected Customer Data (PCD) Level 0. It does not request the read_orders, read_customers, or any order/customer scope, and it never reads, stores, or processes any order, customer, or shopper personal data. The app structurally cannot access that data because it never requests the scopes required to read it.

2. Scopes we request and why

Blog Smith requests the minimum scopes needed to do its job:

| Scope | Why we need it |

|---|---|

| read_products | Read product and collection handles to suggest internal-link slots in a content brief and provide catalog grounding for drafts. We do not read inventory, costs, or customer-specific data. |

| read_content | Read your existing blogs and articles so drafts avoid duplicating content you already have. |

| write_content | Publish an article you have explicitly approved to your store blog (a new blog post with SEO meta). Granted via the app configuration; you re-consent on install/update. |

We request no other scopes. We never request read_orders, read_customers, read_all_orders, or any protected-customer-data scope.

3. Data we store

On our servers (hosted on a dedicated EU/EEA-region server, see §6) we store only:

• Content briefs you create: topic, target keyword, content type, recommended length, per-section word/keyword targets, and internal-link slot suggestions.
• Article drafts produced against those briefs: the generated title, body, SEO meta, de-AI cleanliness score, and word count — until you publish or delete them.
• Aggregate token-usage counts for billing and budget enforcement: model name and input/output token totals per generation. We never store the prompts sent to the AI or the responses returned (zero-retention posture).
• Shop record: your myshopify.com domain, shop name/email/country as returned by Shopify at install, and your billing plan status.
• Webhook audit log: the Shopify webhook IDs we have processed (for idempotency).

We store no order data, no customer data, and no shopper personal data of any kind.

4. AI sub-processor (Anthropic)

When you use a paid plan to draft an article, the content brief, your brand name, and any grounding facts you supply are sent to Anthropic (our AI provider) to generate the draft. These prompts contain only your own catalog/brief data — never customer or order data. We operate under Anthropic's zero-data-retention terms: Anthropic does not retain your inputs or outputs to train models, and we do not log prompt or response bodies on our side.

If you use Bring Your Own Anthropic Key (Agency plan), drafting runs on your own Anthropic account under your own agreement with Anthropic. Your key is encrypted at rest (AES-256-GCM) and is never returned to your browser or to any third party.

5. How data is used

We use the data above only to: build briefs, draft and scrub articles, publish approved articles to your blog, enforce your plan's token budget, show you analytics of your own production (briefs/drafts counts, sizing, keyword coverage), and bill you correctly. We do not sell your data, and we do not use it for advertising.

6. Sub-processors / hosting

• Anthropic, PBC — AI text generation (paid plans only; zero-retention; never receives customer data).
• Application host — a dedicated server operated by us on which the app, its PostgreSQL database, and its Redis queue run. Access tokens and any BYOK key are encrypted at rest.

No other third parties receive your data.

7. Data retention and deletion

• Briefs and drafts persist until you delete them or uninstall the app.
• Token-usage counts persist for billing history.
• On uninstall, your shop is marked inactive. On Shopify's shop/redact webhook (sent ~48 hours after uninstall), all of your Blog Smith data is permanently deleted from our database.
• Because we hold no customer data, the customers/data_request and customers/redact webhooks truthfully report there is nothing to return or redact.

8. GDPR / privacy rights

Blog Smith implements Shopify's mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact). As a merchant you may request access to, correction of, or deletion of the data we hold about your shop at any time by contacting us (§10). Uninstalling the app triggers deletion of your shop's data as described in §7. Our hosting is in the EU/EEA.

9. Security

Access tokens and any BYOK key are encrypted at rest with AES-256-GCM. All traffic is served over TLS. We log only coarse, non-content metadata (model id, token counts, latency, request id) — never your content, prompts, or responses.

10. Contact

For any privacy question or data request: support@syncerp.work (or the support email listed on the app's App Store page). We respond within 30 days.