Privacy Policy — Omnicon for Shopify

Last updated: May 10, 2026

This policy explains how Omnicon Cloud ("we", "us") handles data when a Shopify merchant installs the Omnicon for Shopify app from the Shopify App Store. For the broader Omnicon Cloud privacy policy covering use of omnicon.cloud directly, see our main privacy policy.

1. What we store

When you install the app on a Shopify shop, we record:

• Shop identity — your myshopify.com domain.
• API credentials — the offline access token Shopify issues us, encrypted at rest with ASP.NET Core Data Protection. The token is rotated whenever your store re-authenticates via App Bridge.
• Granted scopes — the OAuth scopes you approved (read_products, read_content, write_content, read_themes).
• Install lifecycle — install/uninstall timestamps and an active/inactive flag.
• Channel mappings — which Omnicon Channel maps to which Shopify blog.
• Article sync state — for each article we publish, the Shopify article ID we created, last-pushed timestamp, sync status, and any last error.
• Scheduled publishes — articles you've queued to publish at a future time, plus attempt/retry history.
• Billing history — Shopify subscription charges (plan, amount, status), mirrored from Shopify's billing API for tier enforcement.
• Linked Omnicon account — the Omnicon Cloud user record the shop is bound to (one shop ↔ one Omnicon account).

2. What we don't store

We do not collect, store, or process any data about your store's end customers. The app's granted scopes do not include read_customers, read_orders, or any other customer-PII surface. Shopify's mandatory customers/data_request and customers/redact webhooks are wired and logged for compliance, but their payloads contain no data we ever persist.

3. How we use the data

• The encrypted access token authenticates calls we make to your shop's Admin GraphQL API on your behalf — exclusively to fetch products, collections, and blogs that you reference, and to create/update articles in blogs you've mapped.
• Article content you draft in Omnicon (including AI-generated content) is sent to Shopify via Admin GraphQL when you publish.
• AI text generation runs through OpenAI's API. The content you generate is sent to OpenAI under our API key; OpenAI's data-retention policy applies (see openai.com/policies). We do not include shop-identifying data in those prompts.

4. Retention and deletion

• When you uninstall the app from Shopify admin, Shopify fires our app/uninstalled webhook. We immediately mark your shop inactive and wipe the encrypted access token.
• Up to 48 hours later, Shopify fires shop/redact. On receipt we hard-delete the shop row plus all child rows (channel mappings, article syncs, scheduled publishes, billing records).
• You may request earlier deletion at any time by emailing the address in §8.

5. Security

• The Shopify offline access token is encrypted at rest with ASP.NET Core Data Protection (AES-256 GCM). Encryption keys are stored in a private Azure Blob Storage container, separate from application code.
• All data is hosted on Microsoft Azure (East US region by default).
• All requests between your browser, our servers, and Shopify use HTTPS.
• Webhooks from Shopify are HMAC-verified against our app's client secret on every request.
• Session tokens from Shopify's App Bridge are validated server-side on every embedded admin request.

6. Third-party services

• Shopify — the source of truth for products, blogs, and billing. We use Shopify's Admin GraphQL API and Shopify Billing API.
• OpenAI — AI text generation. Subject to OpenAI's privacy policy.
• Microsoft Azure — hosting, SQL Server (relational data), Azure Table Storage (article bodies), Azure Blob Storage (media + encryption keys).

7. Your rights

You can request a copy of the shop-level data we hold, request earlier deletion than the 48h Shopify-driven window, or request a correction of any inaccurate record by emailing the address below. We'll respond within 30 days.

8. Contact

Privacy questions, data requests, or anything else: support@omnicon.cloud.

9. Changes to this policy

If we change this policy in a way that materially affects what we collect or how we use it, we'll update the "last updated" date at the top and post a notice in the embedded admin's dashboard.