Privacy Policy

Importier is a Shopify product import application operated in Australia. If you have questions or concerns about how we handle your personal information, wish to exercise your data rights, or wish to make a complaint, you can contact us at:

Email: support@importier.app

We are committed to protecting the personal information of merchants and their customers in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable international privacy laws including the General Data Protection Regulation (GDPR), the California Privacy Rights Act (CPRA), and other relevant legislation.

When you install and use Importier, we collect the following information directly from you:

• Account details: your name, email address, and Shopify store URL provided during app installation
• Import configuration: your preferred settings including AI model selection, writing tone, tax presets, brand voice preferences, and saved settings presets
• Uploaded files: CSV, Excel, or PDF files you upload for product import processing
• Support communications: any information you provide when contacting our support team via email or in-app messaging
• Billing information: payment details processed securely through Shopify's billing system. We do not store credit card numbers directly.

With your authorisation during app installation, Importier accesses the following data through Shopify's API:

• Product data: existing product titles, descriptions, variants, prices, inventory, images, and metafields in your Shopify store
• Store configuration: store name, currency, country, tax settings, locations, and sales channels
• Collection data: product collections and their membership for filtering and organisation
• Order and billing data: subscription status processed through Shopify's app billing API

Importier requests only the minimum API scopes necessary to operate the app. We do not access customer personal data, order customer details, or storefront customer accounts through the API.

Importier is a backend product import tool used within the Shopify admin. We do not:

• Place cookies or tracking technologies on your customers' devices
• Collect personal information directly from your storefront visitors or customers
• Track how customers visit, navigate, or interact with your online store
• Access customer names, emails, addresses, or purchase histories

Importier operates entirely within the Shopify admin environment and does not inject scripts, pixels, or any code into your storefront theme.

When you use Importier within the Shopify admin, we automatically collect:

• Session cookies: to maintain your authentication state and app session within the Shopify admin iframe
• Preference cookies: to remember your import settings, selected AI model, and configuration choices
• Server logs: IP address, browser type, device information, access timestamps, and pages visited within the app
• Error logs: technical information about any errors encountered during import processing

We use anonymised, aggregated usage analytics to understand how merchants interact with the app and to improve its features and performance. You can manage cookie preferences through your browser settings, although disabling session cookies may prevent the app from functioning correctly.

We use the information we collect for the following purposes:

• To provide and operate the Importier app including product import, AI description generation, variant detection, barcode enrichment, and data validation
• To process your uploaded files through our AI models and return enriched product data to your Shopify store
• To manage your account, subscription, and billing through Shopify
• To communicate with you about your account, feature updates, and support requests
• To improve the app's functionality, accuracy, and user experience based on aggregated usage patterns
• To detect and prevent fraud, abuse, or misuse of our services
• To comply with legal obligations, respond to lawful requests, and resolve disputes

We do not use your personal information or product data for any purpose beyond providing and improving the Importier app. We do not use your data for advertising, marketing profiling, or to build interest-based segments. We do not sell, rent, or trade your personal information to third parties.

We may share your information with the following categories of recipients, solely for the purpose of providing the Importier service:

• Shopify: to integrate with your store, process app billing, and access authorised store data through Shopify's platform
• AI service providers: product data (titles, barcodes, file contents) is sent to AI providers including OpenAI, xAI, Anthropic, Google, Amazon, Meta, Mistral, and DeepSeek for processing. Importier offers 18+ AI models across these providers. Data sent to these providers is used solely to generate the requested output and is subject to each provider's data processing terms. We do not send merchant personal information (name, email) to AI providers.
• Cloud hosting providers: to securely store and serve the application, your uploaded files, and processed data
• Analytics providers: anonymised and aggregated usage data only, which cannot identify individual merchants
• Legal authorities: where required by law, regulation, subpoena, or court order

Your information may be transferred to and processed in countries outside Australia. This includes:

• United States: cloud hosting infrastructure, Shopify's platform, and AI processing providers (OpenAI, Anthropic, Google, xAI, Amazon, Meta, Mistral, DeepSeek)
• Canada: Shopify's headquarters and infrastructure

For merchants in the European Economic Area (EEA) or United Kingdom: we ensure that any transfer of personal data outside the EEA/UK is protected by appropriate safeguards as required by the GDPR, including the use of standard contractual clauses approved by the European Commission or reliance on adequacy decisions where available.

Where we transfer personal information outside Australia, we take reasonable steps to ensure that the overseas recipient handles your information in accordance with the Australian Privacy Principles. We remain responsible under the Privacy Act for the handling of your personal information by overseas recipients.

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:

• Right of access: request a copy of the personal information we hold about you
• Right to correction: request that we correct inaccurate, incomplete, or out-of-date information
• Right to deletion: request that we erase your personal information where it is no longer necessary for the purposes it was collected
• Right to restrict processing: request that we limit how we use your personal information in certain circumstances
• Right to data portability: request a copy of your data in a structured, machine-readable format
• Right to object: object to the processing of your personal information for certain purposes
• Right to withdraw consent: where processing is based on consent, you can withdraw it at any time

Australian residents: you have the right to access and correct your personal information under the Privacy Act 1988.

EEA/UK residents: you have all rights listed above under the GDPR. You also have the right to lodge a complaint with your local data protection authority.

California residents: under the CPRA, you have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at support@importier.app. We will respond within 30 days (or sooner if required by applicable law). We will not discriminate against you for exercising your data rights.

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy:

• Account data: retained for the duration of your subscription and for 90 days after you uninstall the app, after which it is permanently deleted
• Uploaded files (CSV, Excel, PDF): processed and deleted from our servers within 30 days of import completion
• AI-generated content: product descriptions and enriched data are pushed to your Shopify store and not retained separately on our servers after processing
• Import history and snapshots: retained for the duration of your subscription to enable the undo/revert feature
• Support correspondence: retained for 2 years after the last interaction, then deleted
• Server and error logs: retained for 90 days for debugging and security purposes
• Aggregated, anonymised analytics: may be retained indefinitely as this data cannot identify individual merchants

We take reasonable and appropriate technical and organisational measures to protect your personal information from misuse, interference, loss, unauthorised access, modification, and disclosure:

• Encryption of all data in transit using TLS/SSL and encryption at rest for stored data
• Secure authentication exclusively through Shopify's OAuth 2.0 system
• Regular security reviews, dependency audits, and vulnerability assessments
• Access controls limiting employee access to personal information strictly on a need-to-know basis
• Secure deletion of data when no longer required, including cryptographic erasure where applicable
• No direct storage of payment card data. All billing is processed through Shopify's secure billing API

While we take all reasonable precautions, no method of electronic storage or transmission is completely secure. If you become aware of any security issue, please contact us immediately at support@importier.app.

Importier complies with Shopify's mandatory privacy webhooks to ensure merchant and customer data is handled responsibly:

• Customer data request: if a merchant's customer requests their data, Shopify notifies us. Because Importier does not collect or store customer personal data, we respond confirming no customer data is held.
• Customer data erasure: if a merchant's customer requests erasure of their data, Shopify notifies us. Because we do not store customer personal data, we respond confirming no data requires deletion.
• Shop data erasure: when a merchant uninstalls the app and Shopify requests data erasure, we delete all merchant account data, uploaded files, import history, and configuration within the retention periods specified in Section 10.

If you believe your personal information has been mishandled, you have the right to lodge a complaint:

• Contact us at support@importier.app with a description of your concern
• We will acknowledge your complaint within 7 days
• We will investigate and respond with a resolution within 30 days
• If you are not satisfied with our response, you may escalate your complaint to the relevant authority:

Australia: Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

EEA/UK: your local Data Protection Authority.

United States: the relevant state attorney general or the Federal Trade Commission.

We may update this privacy policy from time to time to reflect changes in our data practices, legal requirements, or the features of our app. When we make material changes, we will update the date at the top of this page and notify you via email or a notice within the app at least 14 days before the changes take effect. We encourage you to review this policy periodically.