AIFlorist Customise & Edit
Back to Dashboard

Privacy Policy

We respect your privacy and handle data in accordance with Shopify's privacy requirements.

Who we are

AIFlorist Customise & Edit ("we", "our", "us") is an AI-powered product image editing and customisation application for Shopify merchants.

Contact: support@aiflorist.studio

What we collect and why

Merchant/store data

Shop domain, OAuth tokens, plan usage and billing status for subscription and usage billing.

App settings and preferences

Widget styles, rules, quotas, and customisation preferences.

Operational logs and metrics

Usage data to improve reliability and provide support.

Customer data (storefront)

Only when merchants enable features; limited to edited image metadata, prompts, and linkage necessary for cart/fee operations.

How data is processed

Purposes: Provide app features (AI customisation, rules/fees), billing, support, troubleshooting, security.

Retention: Kept only as long as necessary for the stated purposes or as legally required.

Storage: Cloudflare D1 (data), R2 (images), Workers (processing).

Your rights and requests (Shopify compliance)

We honour Shopify's mandatory compliance webhooks:

  • customers/data_request — provide customer data we store
  • customers/redact — delete customer data when requested
  • shop/redact — delete shop data after uninstall

We verify webhook HMAC and respond per Shopify guidance. Merchants can contact us at support@aiflorist.studio for additional privacy questions.

Reference: Shopify Privacy Law Compliance

Data sharing

We don't sell personal data.

Third-party processing (infrastructure): Cloudflare (Workers, R2, D1). AI provider(s) for edits as configured (e.g., Google Gemini). Data is limited to what's required to deliver features.

Security

Access tokens scoped and stored securely. Least privilege on APIs; webhook HMAC verification; CSRF protections; iframe embed CSP (frame-ancestors for Shopify Admin).

International transfers

Data may be processed globally via our infrastructure and providers; protections applied per provider terms and applicable laws.

AI Processing & Integrations

Transparency about our AI processing and third-party integrations.

Google Gemini Integration

We use Google Gemini AI to process product images only. No customer personal data is sent to AI processors by default.

Full Control & Opt-Out

Merchants can opt-out of AI processing via app settings. Data subject requests are honoured via Shopify compliance webhooks.

Changes

We may update this policy; effective date will be indicated. Contact support@aiflorist.studio with questions.

Last updated: 18 Sep 2025