← Product Studio

Product Studio — Privacy Policy

Last updated: 2026-06-28

Product Studio ("the App", "we", "us") is a Shopify app that plans

deals-montage video-ad timelines from a merchant's product catalog. This policy

explains exactly what the App accesses, why, how long we keep it, and your

rights. We collect the minimum needed to do one job and nothing more.

1. Who we are

Product Studio is operated by the App developer. For any privacy question or

request, contact us at the email in Section 11.

2. What the App accesses (scopes)

Product Studio requests a single Shopify Admin API scope:

• read_products — product titles, prices, compare-at prices, and featured

image URLs.

That is the entire access surface. The App does not request, and is

structurally unable to read or write:

• read_orders / write_orders, read_customers / write_customers,

checkouts, or any order/customer/financial data;

• write_products or any write scope — the App cannot modify your store;
• themes, files, discounts, fulfillment, or marketing data.

3. Protected Customer Data (PCD) level

Product Studio is Protected Customer Data Level 0. It processes no

protected customer data (no customer PII, no order data). Because it touches

only catalog data, it falls outside Shopify's PCD opt-in requirement.

4. What we store

• Shop record: your myshopify.com domain, install/uninstall timestamps, and

your billing/plan status.

• Offline access token: encrypted at rest with AES-256-GCM. We store the

ciphertext, never the plaintext token.

• Montage plans: the timelines you generate — scene order, durations,

transitions, and the real price-drop badges (the product title and the

before/after price for badged scenes). We store the resulting plan, not a full

copy of your catalog.

• Usage counters & webhook audit rows: counts and event IDs used to enforce

your plan quota and to deduplicate webhooks. No customer PII.

We do not store orders, customers, payment details, or any personally

identifiable customer data — we never receive it.

5. How we use it

Solely to provide the App: read your catalog on demand to plan a montage

timeline, show which products are deal-ready, enforce your plan quota, and

display insights over your own planning history. We do not sell or share your

data, and we do not use it for advertising or profiling.

6. AI / automated processing

The shipped App is deterministic: montage planning is plain computation, not

machine learning. No large-language-model or AI provider processes your data,

so there is no AI sub-processor today. If a future feature (e.g. an optional MP4

render or AI imagery) introduces one, this policy will be updated before that

feature ships and the sub-processor will be named in Section 8.

7. Data retention & deletion

• Montage plans and counters persist while the App is installed so you can review

your history.

• On app uninstall we mark your shop inactive; on a Shopify shop/redact

request we cascade-delete all rows for your shop (shop, token, plans,

scenes, usage, webhook audit).

• The Shopify GDPR webhooks customers/data_request and customers/redact are

honored as no-ops because we hold no customer data to return or erase.

8. Sub-processors

• Shopify — the platform; provides the Admin API we read from.
• Hosting/infrastructure provider — runs the App server and its PostgreSQL +

Redis datastores (EU/region as configured). Data is processed only to operate

the App.

No AI/LLM sub-processor is used by the current App (see Section 6).

9. Security

Access tokens are encrypted at rest (AES-256-GCM). All Shopify traffic is over

HTTPS/TLS. Inbound webhooks are HMAC-verified and deduplicated. Access is limited

to operating the App.

10. Your rights (GDPR/UK GDPR/CCPA)

You may request access to, correction of, or deletion of the data we hold for

your shop, and you may object to or restrict processing. The fastest route to

deletion is to uninstall the App (or trigger a shop-redaction); you may also

contact us directly. We respond within the timeframes required by applicable law.

11. Contact

Privacy requests and questions: privacy@productstudio.syncerp.work

(or the support email listed on the App Store listing).

12. Changes

We will post any changes here and update the "Last updated" date. Material changes

that affect what we access or who processes your data will be reflected before the

relevant feature ships.