Page Proof — Privacy Policy

Last updated: 2026-06-28

Page Proof ("the App", "we", "us") is an on-page conversion-rate (CRO) auditor for Shopify stores. This policy explains exactly what the App accesses, why, how it is stored, and your rights. It is grounded in what the App technically does — not boilerplate.

1. The short version

Page Proof is classified Protected Customer Data (PCD) Level 0. It requests no access to orders or customers and stores no customer personal data.
It reads your store's public page markup and your own product/page catalog to run conversion audits, and — only when you explicitly approve — writes an improved copy block back to a product or page description.
Your data is deleted when you uninstall (and on Shopify's shop/redact webhook).

2. Shopify access scopes we request

Page Proof requests these scopes, and only these:

| Scope | Why |

|---|---|

| read_products | List your products and build their public storefront URLs to audit. |

| write_products | Append an approved, reversible CRO copy block to a product description. |

| read_content | Read Online Store page content for the audit/fix. |

| write_content | Append an approved, reversible CRO copy block to an Online Store page. |

| read_online_store_pages | List your Online Store pages to audit. |

| write_online_store_pages | Write an approved fix block back to an Online Store page. |

We do not request read_orders, read_customers, read_all_orders, read_themes, or any payment/fulfilment scope. Because no orders/customers scope is requested, the App is PCD Level 0 and no Protected Customer Data review is required.

3. What we store

We store the minimum needed to operate the App:

Your shop domain, shop GID, and basic shop fields (name/email/country as provided by Shopify at install).
Your plan and billing status (tier, subscription state, credit balance).
The CRO audits you run: the audited URL, the predicted score, the per-check findings, and timestamps.
A record of each AI copy-fix: the target page, the checks addressed, and a snapshot of the prior description text (so the change is reversible), plus coarse token counts for the usage meter.
Your offline Shopify access token and, if you choose to provide one, your own Anthropic API key — both encrypted at rest (AES-256-GCM).

None of this contains customer personal data. We do not store order data, customer records, contact details, or payment data — we never receive them.

4. What we send to sub-processors

Anthropic (LLM provider) — only when you run the optional AI copy-fix. We send the product/page title and description (your own catalog content) to generate a grounded reassurance block, under Anthropic's zero-data-retention terms. No orders or customers are ever sent. If you bring your own Anthropic key, the call runs on your account and your key is used only for that purpose.
Hosting — the App runs on our own server infrastructure (syncerp.work). Data in transit is TLS-encrypted.
Shopify — billing and admin API interactions are with Shopify itself.

We do not sell data, and we do not use your data to train models.

5. Public-page fetching

To audit a page, the App fetches the page over HTTPS like any visitor and reads its public HTML. It identifies itself honestly (PageProofBot/1.0) and follows standard SSRF safety limits (public hosts only, size/time caps). It reads only what is publicly served.

6. Data retention & deletion

Audit and fix records are retained while the App is installed so you keep your history and trend.
On uninstall and on Shopify's shop/redact webhook, all rows for your shop are cascade-deleted.
You can remove your stored Anthropic key at any time from the Plan tab.

7. GDPR / privacy compliance webhooks

The App implements Shopify's mandatory privacy webhooks:

customers/data_request — truthfully reports that we hold no customer data.
customers/redact — no-op (no customer data to redact).
shop/redact — cascade-deletes your shop's data.

8. Your rights (GDPR / CCPA)

Because we hold no customer personal data, customer-level requests are answered by the webhooks above. For your merchant data (shop record, audits, billing), you may request access, correction, export, or deletion by contacting us; uninstalling deletes it automatically.

9. Security

Access tokens and BYOK keys are encrypted at rest (AES-256-GCM). The App fails closed on a bad encryption key and never logs prompt/response bodies or secret values.

10. Changes

We will update this policy as the App evolves and revise the "last updated" date.

11. Contact

Email: gheorghe.beschea@overheat.agency — for any privacy question, access/deletion request, or data concern.