1. Introduction
CEO PRO ("we", "our", "us") is an AI-powered business management platform that helps e-commerce merchants manage their digital advertising, analytics, and business operations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application, including our Shopify App and web dashboard at ceoclaw.io.
2. Information We Collect
2.1 Account Information
When you install our Shopify App or register on our platform, we collect:
- Store name and Shopify domain
- Store email address
- Store currency and timezone settings
- Shopify plan information
2.2 Store Data (Accessed via Shopify API)
With your permission, we access the following data through Shopify's API to provide our services. This data is accessed in real-time and is not permanently stored in our databases:
- Order data (order totals, dates, status — for analytics and reporting)
- Product data (titles, prices, inventory levels — for performance analysis)
- Customer counts (aggregate only — we do NOT store individual customer records)
- Analytics data (sales, sessions, traffic — via ShopifyQL for reporting)
- Discount and fulfillment data (for business intelligence)
2.3 AI Conversation Data
When you interact with our AI assistant, we store conversation summaries and memory notes to provide continuity and context-aware responses. These are tied to your business account and are deleted when you uninstall the app.
2.4 Usage Data
We log AI usage metrics (token counts, model used, cost) for billing and service improvement purposes. These logs do not contain the content of your conversations.
3. What We Do NOT Collect or Store
- Individual customer PII: We do not store your customers' names, email addresses, phone numbers, shipping addresses, or payment information.
- Payment card data: All billing is handled by Shopify Billing API. We never see or store credit card information.
- Passwords: Shopify merchants authenticate via Shopify OAuth. We do not store Shopify passwords.
4. How We Use Your Information
- To provide AI-powered analytics, reporting, and business intelligence
- To manage your advertising campaigns across platforms (Google Ads, Meta Ads, etc.)
- To deliver automated reports and alerts via email, Telegram, or Slack
- To process and manage your subscription
- To improve our AI models and service quality
- To comply with legal obligations
5. Data Sharing
We do not sell, rent, or trade your personal information. We may share data with:
- AI Service Providers: We use Anthropic (Claude) and Alibaba Cloud (Qwen) for AI processing. Conversation data is sent to these providers for generating responses and is subject to their privacy policies.
- Infrastructure Providers: We use Railway for hosting and PostgreSQL for data storage. Data is encrypted in transit and at rest.
- Third-Party Integrations: When you connect Google Ads, Meta Ads, or other platforms, data flows between those services as needed for the features you use.
6. Data Security
We implement industry-standard security measures including:
- AES-256-GCM encryption for stored credentials (API keys, access tokens)
- HTTPS/TLS encryption for all data in transit
- JWT-based authentication with expiring tokens
- Internal API key protection for service-to-service communication
- Role-based access control
7. Data Retention & Deletion
Active accounts: We retain your data for as long as your account is active and the app is installed on your Shopify store.
App uninstall: When you uninstall the CEO PRO app from Shopify, your subscription is immediately cancelled.
GDPR shop redact: 48 hours after uninstall, Shopify sends us a shop data deletion request. We permanently delete all data associated with your shop, including: user account, business profile, integrations, AI skills, memory notes, conversation summaries, usage logs, scheduled tasks, and all related records.
Customer data requests: Since we do not store individual customer PII, customer data requests and redaction requests are acknowledged but require no data deletion on our end.
8. Your Rights
You have the right to:
- Access the data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (by uninstalling the app or contacting us)
- Withdraw consent for data processing
- Data portability
9. Shopify API Scopes
Our app requests the following Shopify API scopes, each for a specific purpose:
- read_products: To analyze product performance and inventory
- read_orders: To generate sales reports and revenue analytics
- read_analytics: To access ShopifyQL analytics (same data as Shopify admin dashboard)
- read_customers: To provide aggregate customer counts and segments (no PII stored)
- read_inventory: To monitor stock levels and alert on low inventory
- read_discounts: To analyze discount performance
- read_fulfillments: To track shipping and fulfillment metrics
- read_returns: To analyze return rates and patterns
- read_reports: To access Shopify's built-in report data
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or your data, contact us at: