Privacy Policy
Last Updated: 18 February 2026
Effective Date: 1 February 2026
This Privacy Policy describes how Proofly ("we," "us," or "our"), developed and operated by JP Antsjoha / AlphaHive, collects, uses, and protects information when you install and use the Proofly application on the Shopify platform.
By installing or using Proofly, you agree to the practices described in this Privacy Policy. If you do not agree, please uninstall the application.
1. What Data We Collect
Proofly is a Store Readiness Intelligence System. We collect only the data necessary to perform catalog quality audits and generate improvement recommendations for your Shopify store.
1.1 Store and Product Catalog Data
When you install Proofly, we access and store the following data from your Shopify store via the Shopify Admin GraphQL API:
- Store information: Your Shopify shop domain, plan type, timezone, currency, country, and store configuration details
- Product catalog data: Product titles, descriptions, body HTML, vendor, product type, tags, status (active/draft/archived), and SEO metadata (meta title, meta description)
- Product media: Image URLs and existing ALT text for product images
- Product variants: SKU, barcode (GTIN), price, inventory quantities, and variant-level attributes
- Metafields: Existing product metafields relevant to catalog quality and Agent Readiness validation
- Product collections: Collection membership for catalog structure analysis
- Store policies: Refund policy, shipping policy, and privacy policy content (for quality assessment)
1.2 Account and Usage Data
- Shopify session tokens: Used to authenticate API requests. These are Shopify-issued tokens and are not used beyond authentication.
- Subscription and billing status: Your current Proofly plan tier (Starter, Growth, or Scale), as reported by Shopify Billing API
- Audit activity: Records of audits run, findings generated, fix operations applied, and rollback events. This constitutes your operational history within Proofly.
- Application settings: Your configured preferences, notification settings, and developer settings within the app
1.3 What We Do Not Collect
We are explicit about what we do not collect:
- No customer PII: We do not access, collect, or store any customer personal data from your store (customer names, emails, addresses, order history, or payment information)
- No sensitive personal information: We do not collect social security numbers, financial account details, or health-related data
- No browsing history: We do not track your activity outside of the Proofly application
- No marketing data: We do not access your customer email lists, marketing segments, or customer behavioural data
2. How We Use Your Data
2.1 Core Service Delivery
- Catalog quality analysis: Analysing product titles, descriptions, images, and metafields to identify quality issues including missing ALT text, thin descriptions, SEO gaps, and Agent Readiness blockers
- AI-powered recommendations: Generating suggested improvements to product content using Google Vertex AI (Gemini). Product content is submitted to the Gemini API to generate correction suggestions.
- Fix application and rollback: Applying approved content corrections to your Shopify product catalogue via the Shopify Admin API, and maintaining a full change history to support rollback operations
- Audit history and proof ledger: Maintaining an auditable record of all changes made by Proofly so you can review, verify, and reverse any modification
2.2 Service Operations
- Authentication and authorisation: Verifying your identity and Shopify store ownership to protect your data
- Subscription management: Enforcing your plan tier entitlements (product limits, feature access) based on your active Shopify billing subscription
- Performance and reliability: Monitoring application health, processing audit jobs, and ensuring background tasks complete successfully
2.3 Service Improvement
We may use anonymised, aggregated metrics (such as average audit scores or common issue categories across stores) to improve Proofly's detection algorithms. This data cannot be traced back to any individual store or merchant.
We do not use your data for advertising, profiling, or any purpose unrelated to delivering the Proofly service to you.
3. Data Storage and Security
3.1 Storage Infrastructure
Your data is stored in a PostgreSQL database hosted on Google Cloud SQL, located in the us-central1 (Iowa, United States) region. This infrastructure is operated by Google Cloud Platform.
Google Cloud maintains comprehensive compliance certifications including SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, and PCI DSS. For details, see Google Cloud Compliance.
3.2 Security Measures
- Encryption in transit: All data transmitted between your browser, the Proofly application, Shopify's API, and Google Cloud is encrypted using TLS (Transport Layer Security)
- Encryption at rest: All data stored in our PostgreSQL database is encrypted at rest using AES-256 encryption via Google Cloud SQL
- Access controls: Database access is restricted to Proofly application services only, using least-privilege service accounts. No direct public access to the database is permitted.
- Multi-tenant isolation: Each Shopify store's data is logically isolated by a unique tenant identifier. No store can access another store's data.
- Authentication: We use Shopify OAuth 2.0 for secure authentication — we never store your Shopify password
- Network security: Services run in isolated VPC networks with firewall rules
- Keyless authentication: Our infrastructure uses GitHub OIDC for deployment — we do not store static API keys for infrastructure operations
- Monitoring: Automated security monitoring and logging for anomaly detection
4. Third-Party Services (Subprocessors)
Proofly relies on the following third-party infrastructure providers to deliver the service:
| Subprocessor |
Purpose |
Data Processed |
Location |
| Google Cloud Platform |
Hosting, Database, Background Jobs |
All service data |
USA (us-central1) |
| Google Vertex AI (Gemini) |
AI content analysis & generation |
Product text only (no PII) |
USA |
| Shopify |
Platform, billing, OAuth |
OAuth tokens, store data |
Canada / Global |
| Firebase (Google) |
Website hosting |
Static web content only |
Global CDN |
Each subprocessor is bound by data processing agreements. We do not sell your data to any third party. We do not share your data with advertising networks, data brokers, or analytics platforms beyond the subprocessors listed above.
4.1 Google Vertex AI (Gemini)
Product content data (titles, descriptions, and relevant metadata) is transmitted to Google Vertex AI's Gemini API to generate quality improvement suggestions. This data is processed in accordance with Google Cloud's Data Processing and Security Terms. Google does not use this data to train its general AI models under our enterprise agreement.
4.2 No Advertising or Analytics Third Parties
We do not integrate with Google Analytics, Facebook Pixel, or any third-party advertising or behavioural analytics services. We do not place tracking cookies on your browser beyond the session tokens required for Shopify App authentication.
5. Cookies and Tracking
Proofly uses only the cookies and session tokens required for Shopify embedded app authentication:
- Shopify session tokens: Short-lived tokens issued by Shopify's OAuth system to authenticate your session within the embedded app. These are required for the app to function and cannot be disabled.
We do NOT use:
- Persistent tracking cookies
- Advertising or marketing cookies
- Cross-site tracking technologies
6. Data Retention
6.1 Active Subscription
While your Proofly subscription is active, we retain:
- Your store configuration and tenant record
- Audit history and findings
- Fix run history and change ledger (for rollback capability)
- Product snapshots associated with fix operations
Product catalogue change history is subject to tier-based retention limits:
- Growth plan: 30 days of change history
- Scale plan: 90 days of change history
6.2 App Uninstallation and Data Deletion
When you uninstall Proofly, Shopify sends a shop/redact webhook to our servers. Upon receiving this webhook, we initiate a cascading deletion of all data associated with your store. This deletion is permanent and irreversible.
6.3 Shopify Compliance Webhooks
Proofly implements all three mandatory Shopify compliance webhooks:
- customers/data_request: We respond to customer data requests. As we do not collect customer PII, we confirm that no customer personal data is held.
- customers/redact: We process customer data erasure requests. As we do not store customer data, this is a confirmation response.
- shop/redact: We permanently delete all store data as described above.
7. International Data Transfers
Proofly is operated from the United Kingdom. Your data is stored and processed in the United States (Google Cloud us-central1 region). By using Proofly, you consent to the transfer of your store's data to the United States.
For merchants in the European Economic Area (EEA) or United Kingdom:
- Data transfers to the United States are made pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission
- Google Cloud has implemented additional safeguards for international data transfers
8. Your Rights
8.1 General Rights (All Merchants)
You have the right to:
- Access: Request a copy of the data Proofly holds about your store
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your store's data at any time. Uninstalling the app triggers automatic deletion.
- Portability: Request your data in a machine-readable format
- Objection: Object to specific processing activities
8.2 GDPR Rights (EEA/UK Residents)
Under the General Data Protection Regulation (GDPR), you additionally have:
- Right to Restriction: Request restriction of processing in certain circumstances
- Right to Withdraw Consent: Where processing is based on consent
- Right to Complain: Lodge a complaint with your local data protection authority
Proofly's legal basis for processing your store's product catalogue data is contract performance — we process this data to deliver the service you have subscribed to.
8.3 CCPA Rights (California Residents)
Under the California Consumer Privacy Act (CCPA), California residents have:
- Right to Know: What personal information is collected and how it is used
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the "sale" of personal information — Note: Proofly does not sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
To exercise any of your rights, contact us at support@alphahive.io. We will respond within 45 days for CCPA requests.
9. Data Breach Notification
In the unlikely event of a data breach affecting your information:
- We will notify affected users within 72 hours of becoming aware of the breach
- We will notify relevant supervisory authorities as required by law
- We will provide details of the breach, affected data, and remediation steps
10. Children's Privacy
Proofly is a business application designed for Shopify merchants and is not directed at individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect data from minors. If you believe a minor has provided us with information, please contact us at support@alphahive.io and we will take steps to delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this page
- We will provide notice via the Proofly application or email for significant changes
- Continued use of Proofly after changes constitutes acceptance of the updated policy
12. Contact Us
Proofly (AlphaHive / JP Antsjoha)
For privacy-related questions, data requests, or concerns:
We will respond to privacy-related requests within 30 days (GDPR) or 45 days (CCPA).
← Back to Home