Privacy Policy
Last updated: June 2, 2026
This Privacy Policy describes how Complyify ("we", "us", or "our") collects, uses, and protects information when you install and use the Complyify Shopify app.
1. What We Collect
When you install Complyify, we collect the minimum data needed to operate the service:
| Data | Why we collect it |
|---|---|
| Shopify store domain | Identifies your store and routes scan results to the correct account |
| Shopify access token | Allows Complyify to read your theme files and register the accessibility widget |
| Store owner email address | Sends scan completion alerts and compliance notifications (opt-out in Settings) |
| Public page URLs from your sitemap | The pages we scan for accessibility violations |
| Scan results (page URLs, rule IDs, HTML selectors, violation counts) | Displayed in your dashboard and included in compliance reports |
| Product images (Pro & Enterprise only) | Sent to our AI provider to generate descriptive alt text, on request only |
We do not collect personal data about your store's customers. Complyify scans publicly accessible pages only. No customer names, emails, purchase history, or payment data are ever accessed or stored.
2. How We Use Your Data
- Run accessibility scans on your store's public pages
- Display scan results, compliance scores, and issue details in your dashboard
- Generate PDF compliance reports and accessibility statement pages
- Send email alerts when scans complete or critical issues are found (if enabled)
- Apply and manage the storefront accessibility widget via Shopify ScriptTag
- Apply theme-level accessibility patches via the Shopify Asset API (if requested)
We do not sell your data. We do not use your data for advertising.
3. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Shopify | App platform, billing, OAuth | Store domain, access token (via Shopify's OAuth flow) |
| Railway | Cloud hosting and infrastructure | All app data processed on Railway servers (US region) |
| Anthropic | AI alt text generation (Pro/Enterprise) | Product images and titles — only when you request AI alt text |
| MailerSend | Transactional email alerts | Your store owner email and scan summary |
4. Data Retention
We retain your data for as long as your Complyify account is active. When you uninstall the app:
- Your Shopify access token is invalidated immediately by Shopify
- Your scan results, issues, and compliance reports are deleted within 30 days
- Theme patches applied to your store remain in place — Complyify does not reverse them automatically. You can revert them from the Theme Patches screen before uninstalling.
5. Your Rights
If you are in the European Economic Area, UK, or California, you have the right to access, delete, correct, or receive a portable copy of your data. Email privacy@complyify.fyi and we will respond within 30 days.
Complyify complies with Shopify's GDPR mandatory webhook requirements. When Shopify sends a customers/data_request, customers/redact, or shop/redact webhook, we process it immediately. Because we do not store customer PII, customer data requests result in a confirmation that no customer data is held.
6. Security
Shopify access tokens are stored encrypted at rest. All data is transmitted over HTTPS. We do not log access tokens in application logs. Our infrastructure (Railway) operates under SOC 2 Type II standards.
7. Children's Privacy
Complyify is a business tool for Shopify merchants. We do not knowingly collect data from anyone under 13.
8. Changes to This Policy
If we make material changes, we will notify you via the email address on your Shopify account. Continued use of Complyify after changes are posted constitutes acceptance of the updated policy.