Privacy Policy
Last updated: June 22, 2026
IronWeb Manager ("the App", "we", "us") is operated by IronWeb. This Privacy Policy explains how we collect, use, store, and protect information when you install and use the App on your Shopify store.
1. Information We Collect
1.1 Store Information
When you install the App, we collect and store:
- Your Shopify store domain (e.g., yourstore.myshopify.com)
- An OAuth access token issued by Shopify to communicate with your store on your behalf
- Your selected permission scopes
1.2 Store Data Accessed
During normal operation the App may read and write:
- Products, collections, and inventory
- Orders and draft orders
- Customer lists (name, email, order count — never passwords or payment details)
- Pages, blog articles, and navigation menus
- Theme settings and template files
- Discount codes and metafields
- Uploaded files and media
1.3 Chat Messages
Messages you send to the AI assistant are transmitted to our AI providers (Anthropic and/or OpenAI) for processing. These messages may include task instructions and store catalog data, but never customer payment information.
1.4 Information We Do NOT Collect
- Credit card or payment information
- Customer passwords
- Personal browsing history
- Information from other apps on your store
2. How We Use Your Information
- Execute tasks — carry out actions you request through the chat interface
- Authenticate — verify your identity and maintain your session
- Store analysis — generate reports and recommendations about your store
- Improve the service — diagnose errors and improve reliability
3. Third-Party Services
| Provider | Purpose | Data Sent |
|---|---|---|
| Anthropic | Primary AI processing | Chat messages, store catalog data |
| OpenAI | Fallback AI processing | Chat messages, store catalog data |
| Vercel | Hosting and infrastructure | Application data |
| Neon | Database | Store credentials, chat metadata |
We do not sell, rent, or trade your data to any third party for marketing or advertising purposes.
4. Data Retention
- While installed: Store credentials and session data are retained for the App to function.
- After uninstall: All stored data is automatically deleted when you uninstall the App.
- Chat messages: Not stored persistently. Messages are processed in real-time and discarded.
- AI provider logs: Subject to each provider's own retention policies. Anthropic and OpenAI do not use API data for training by default.
5. Data Security
We implement the following security measures:
- All data transmitted over HTTPS/TLS encryption
- Access tokens stored in an encrypted database
- Webhook payloads verified with HMAC-SHA256 signatures
- Session tokens validated on every API request
6. GDPR and Your Rights
If you are in the European Economic Area (EEA), you have the right to:
- Access — request a copy of the data we hold about your store
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data (or simply uninstall the App)
- Portability — request your data in a machine-readable format
- Object — object to data processing
We comply with Shopify's mandatory GDPR webhooks: customers/data_request, customers/redact, and shop/redact.
7. CCPA (California)
If you are a California resident, you have the right to know what personal information we collect and to request its deletion. We do not sell personal information. To exercise your rights, contact us at the email below.
8. Children's Privacy
The App is not directed at individuals under the age of 16. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date. Continued use of the App after changes constitutes acceptance.
10. Contact Us
For privacy-related inquiries, data requests, or complaints:
- Email: asifdan1000@gmail.com
- Company: IronWeb
See also: Terms of Service · Data Processing Agreement · Acceptable Use Policy · Refund Policy