Last updated: 28 June 2026
FAQ Genie ("the App", "we", "us") is a Shopify app that builds grounded store FAQs
from a merchant's own shop policies and settings and publishes them to the
merchant's storefront. This policy explains exactly what the App accesses, why, how
long we keep it, and your rights. We collect as little as possible.
FAQ Genie is operated by the app publisher (the "data controller" for the limited
data described below). Contact: privacy@faqgenie.app (replace with your real
support address before submission).
FAQ Genie is classified at Protected Customer Data (PCD) Level 0. It does
not request, read, store, or process any orders, customers, checkouts, or any
customer personal data. There is no read_orders, read_customers, or any
customer/order scope anywhere in the App.
The App requests only these scopes, and uses them only as described:
| Scope | What we do with it |
|---|---|
| read_products | Read product titles / on-page content as context for grounded FAQs. No orders or customers. |
| read_content | Read your shop policies (refund / shipping) to extract facts (e.g. return window, free-shipping threshold). |
| write_content | Write your FAQ content back to a store page — only when you click Publish. |
| read_online_store_pages | Find an existing FAQ page so a re-publish replaces only our block. |
| write_online_store_pages | Create or update a store page with your FAQ content + FAQPage JSON-LD — only when you click Publish. |
We do not request optional scopes, and we never request orders or customer scopes.
We store only what is needed to run the App, all keyed to your shop:
myshopify.com domain, shop GID, name/email/country (asprovided by Shopify on install), default FAQ language, and install/uninstall
timestamps.
that we import from your policies (no personal data).
JSON-LD, and a reversible snapshot of any page we wrote so you can undo it.
billing status (your plan and Shopify subscription ID). Billing is processed by
Shopify; we never see or store card details.
(AES-256-GCM), used only to read your settings and write FAQs on your action.
We do not store any shopper, order, or checkout data.
Solely to provide the App: read your settings, build grounded FAQs, publish them
to your store on your request (and, on the Pro plan, re-publish your live FAQ page
automatically when your shop policies change), and show you insights derived only
from your own data. We do not sell your data, and we do not use it for advertising
or to train third-party AI models.
Redis queue, hosted on a dedicated VPS we control. Data stays within this
infrastructure.
FAQ Genie's FAQ generator is **deterministic and runs entirely on our own
servers — it does not** call any external LLM/AI provider, so your data is not
sent to Anthropic, OpenAI, or any other AI vendor.
We keep your data only while the App is installed. On uninstall we flag your shop
inactive; when Shopify sends the shop/redact request (about 48 hours after
uninstall) we cascade-delete every record tied to your shop, including the
encrypted access token. You can also email us to request earlier deletion.
We implement Shopify's three compliance webhooks honestly:
customers/data_request — we hold no customer data, so there is nothing toreturn.
customers/redact — no-op; we hold no customer data to redact.shop/redact — we delete all of your shop's data, as above.Subject to applicable law (including GDPR/UK GDPR and the CCPA), you may request
access to, correction of, or deletion of the limited shop data we hold, and you may
object to or restrict processing. Because we hold no customer/shopper personal
data, such requests concern only the merchant/shop records listed in section 4.
Contact us at the address in section 1.
Access tokens are encrypted at rest with AES-256-GCM; all traffic is over HTTPS;
webhooks are HMAC-verified; database access is restricted to the App. We follow
least-privilege scoping (Level 0) by design.
We may update this policy; material changes will be reflected by the "Last updated"
date and, where required, in-app notice.