Blendo AI Labels

Privacy Policy

Last updated: 7 July 2026

Blendo AI Labels (“the App”, “we”, “us”, “our”) is a Shopify app operated by Nikolas Charalambous that generates deterministic product labels and badges for Shopify stores. This policy explains what data the App accesses, why, how long it is kept, and how to request deletion. It supplements, and does not replace, the Shopify Privacy Policy and the merchant store’s own privacy policy.

1. Data we access and why

We request only the minimum Shopify scopes needed to operate: read_products, read_inventory, read_orders, read_customer_events, write_app_proxy, write_pixels. We do not request access to customer profiles (read_customers) or full order history (read_all_orders).

a) Shop and account data. Store domain, plan, setup and app-embed timestamps, Web Pixel activation status, and the Shopify session (which may include your staff account name, email, user ID, locale, and an access token). Used to authenticate you and operate the embedded app. Kept while installed; deleted on uninstall or shop/redact.

b) Product, inventory, and order-line data. Product/variant identifiers, handles, inventory signals, and order line-item product/variant IDs and quantities. Used to evaluate deterministic label rules (Sale, Low stock, Sold out, New arrival, and Best seller — top products by quantity over the last 60 days). Order data is aggregated to product-level metrics; we do not collect customer names, emails, phone numbers, addresses, or geolocation.

c) Label, design, and rule configuration. Merchant-created label text, type, status, priority, validated design JSON, rule JSON, and product assignments. Kept until you delete the label or uninstall.

d) AI scan jobs and brand summaries. When you run a store scan, our crawler visits a small number of your own public storefront pages to extract a compact brand-signal summary (e.g. colors, typography). Screenshots are not retained. Scan jobs and brand summaries are eligible for deletion after 90 days.

e) Storefront analytics events. Anonymous events via Shopify Web Pixel and our app proxy: label render, impression, click, app-embed, product view, add-to-cart, checkout started/completed — with product/variant IDs, quantity, and currency. No buyer identity, contact, or payment data. Eligible for deletion after 395 days.

f) Admin performance metrics. Shop-scoped LCP, CLS, INP web-vitals and an optional country code from App Bridge, to keep the admin app fast. Eligible for deletion after 90 days.

g) Contact and support submissions. Store domain, an optional contact email you provide, category, subject, and message, so we can respond. Open submissions retained for follow-up; closed submissions eligible for deletion after 548 days.

h) Compliance webhook receipts. Non-PII hashes, counts, and action summaries recording receipt of Shopify’s mandatory compliance webhooks.

2. How AI is used

The App uses the OpenAI API only to generate validated badge design tokens (colors, scale, spacing) from the brand summary produced by scanning your own storefront. We do not send Shopify customer or order data to OpenAI, and requests are sent with retention disabled (store: false) so OpenAI does not store them. AI output is schema-validated, clamped, contrast-corrected, and shown to you for approval before publishing. AI never generates storefront scripts, arbitrary code, SVG, or product-assignment decisions.

3. What we do not do

We do not sell data; do not collect buyer personal or payment information; do not modify theme files via the Asset API; and do not display third-party attribution or run tracking on your storefront beyond the anonymous badge events above.

4. Third-party service providers

5. Data retention and deletion

Retention windows: analytics events 395 days; scan jobs and brand summaries 90 days; admin performance metrics 90 days; closed contact submissions 548 days. When you uninstall the App or Shopify sends shop/redact, we delete your store’s sessions and all shop-scoped data. On customers/redact, we scrub any customer-like fields from analytics payloads. On customers/data_request, we record a receipt confirming the App stores no direct customer profile data.

6. Security

Data is transmitted over encrypted connections. We verify Shopify app-proxy and webhook signatures, and we do not log access tokens, secrets, or customer data.

7. Your rights

Subject to GDPR, CCPA, and other applicable laws, you may request access, correction, or deletion of personal data we hold. Merchants can trigger deletion by uninstalling the App. For other requests, contact us below.

8. Changes & contact

We may update this policy; material changes update the “Last updated” date. Contact: Nikolas Charalambous, nik.developer@protonmail.com.

← Back to Blendo AI Labels