Blendo AI Labels
Privacy Policy
Last updated: 7 July 2026
Blendo AI Labels (“the App”, “we”, “us”, “our”) is a Shopify app operated by Nikolas Charalambous that generates deterministic product labels and badges for Shopify stores. This policy explains what data the App accesses, why, how long it is kept, and how to request deletion. It supplements, and does not replace, the Shopify Privacy Policy and the merchant store’s own privacy policy.
1. Data we access and why
We request only the minimum Shopify scopes needed to operate:
read_products, read_inventory,
read_orders, read_customer_events,
write_app_proxy, write_pixels. We do
not request access to customer profiles
(read_customers) or full order history
(read_all_orders).
a) Shop and account data. Store domain, plan, setup and app-embed
timestamps, Web Pixel activation status, and the Shopify session (which
may include your staff account name, email, user ID, locale, and an
access token). Used to authenticate you and operate the embedded app.
Kept while installed; deleted on uninstall or
shop/redact.
b) Product, inventory, and order-line data. Product/variant identifiers, handles, inventory signals, and order line-item product/variant IDs and quantities. Used to evaluate deterministic label rules (Sale, Low stock, Sold out, New arrival, and Best seller — top products by quantity over the last 60 days). Order data is aggregated to product-level metrics; we do not collect customer names, emails, phone numbers, addresses, or geolocation.
c) Label, design, and rule configuration. Merchant-created label text, type, status, priority, validated design JSON, rule JSON, and product assignments. Kept until you delete the label or uninstall.
d) AI scan jobs and brand summaries. When you run a store scan, our crawler visits a small number of your own public storefront pages to extract a compact brand-signal summary (e.g. colors, typography). Screenshots are not retained. Scan jobs and brand summaries are eligible for deletion after 90 days.
e) Storefront analytics events. Anonymous events via Shopify Web Pixel and our app proxy: label render, impression, click, app-embed, product view, add-to-cart, checkout started/completed — with product/variant IDs, quantity, and currency. No buyer identity, contact, or payment data. Eligible for deletion after 395 days.
f) Admin performance metrics. Shop-scoped LCP, CLS, INP web-vitals and an optional country code from App Bridge, to keep the admin app fast. Eligible for deletion after 90 days.
g) Contact and support submissions. Store domain, an optional contact email you provide, category, subject, and message, so we can respond. Open submissions retained for follow-up; closed submissions eligible for deletion after 548 days.
h) Compliance webhook receipts. Non-PII hashes, counts, and action summaries recording receipt of Shopify’s mandatory compliance webhooks.
2. How AI is used
The App uses the OpenAI API only to generate validated
badge design tokens (colors, scale, spacing) from the
brand summary produced by scanning your own storefront. We do
not send Shopify customer or order data to OpenAI, and
requests are sent with retention disabled (store: false) so
OpenAI does not store them. AI output is schema-validated, clamped,
contrast-corrected, and shown to you for approval before publishing. AI
never generates storefront scripts, arbitrary code, SVG, or
product-assignment decisions.
3. What we do not do
We do not sell data; do not collect buyer personal or payment information; do not modify theme files via the Asset API; and do not display third-party attribution or run tracking on your storefront beyond the anonymous badge events above.
4. Third-party service providers
- Shopify — platform, authentication, billing, APIs.
- OpenAI — badge design-token generation from brand signals only (retention disabled; no customer/order data).
- Resend — sending transactional support/contact emails.
- Render — application and database hosting.
5. Data retention and deletion
Retention windows: analytics events 395 days; scan jobs and brand
summaries 90 days; admin performance metrics 90 days; closed contact
submissions 548 days. When you uninstall the App or
Shopify sends shop/redact, we delete your store’s sessions and all shop-scoped data. On
customers/redact, we scrub any customer-like fields from analytics payloads. On
customers/data_request, we record a receipt confirming the App stores no direct customer
profile data.
6. Security
Data is transmitted over encrypted connections. We verify Shopify app-proxy and webhook signatures, and we do not log access tokens, secrets, or customer data.
7. Your rights
Subject to GDPR, CCPA, and other applicable laws, you may request access, correction, or deletion of personal data we hold. Merchants can trigger deletion by uninstalling the App. For other requests, contact us below.
8. Changes & contact
We may update this policy; material changes update the “Last updated” date. Contact: Nikolas Charalambous, nik.developer@protonmail.com.
← Back to Blendo AI Labels