FeaturesPricing
Install on Shopify
Privacy Policy

Privacy Policy

Application: MaginaliEffective date: February 24, 2026Last update: February 24, 2026

This policy explains how Maginali collects, uses, stores and protects data when a merchant installs and uses the Shopify application.

This application is intended for Shopify merchants. Customer data processed through Shopify remains under the merchant's control, who is responsible for their legal basis and information obligations toward their end customers.

1. Data controller

Application publisher: Chris Smith

Privacy contact: chrisx974@gmail.com

2. Data collected

Depending on the Shopify permissions granted, the application may process:

  • Shop information: shop name, Shopify domain, timezone, currency.
  • Technical information: Shopify identifiers, access tokens, technical logs, API events.
  • Product data: images, titles, descriptions, variants — used for visual generation.
  • Project data: visual compositions created by the merchant in the editor.
  • Shopify billing data (subscription, usage lines).

3. Processing purposes

  • Provide product visual creation and automation features.
  • Enable AI-assisted image generation.
  • Calculate costs and produce performance indicators.
  • Ensure security, abuse prevention and technical support.
  • Execute billing through Shopify Billing API.

4. Legal basis

Processing is based on contract performance (service provision) and legitimate interest (security, service improvement). For AI features, merchant consent is obtained upon activation.

5. Data sharing and sub-processors

Data may be processed by the following services, strictly for service delivery:

  • Shopify: e-commerce platform and Admin APIs.
  • Supabase: database, backend functions, operational storage.
  • Vercel: frontend hosting.
  • Third-party AI services: image generation and processing (via secure APIs).

We do not sell personal data and do not share it for third-party advertising purposes.

6. Data retention

  • Operational data: retained for the duration necessary for service and traceability.
  • Technical logs: limited retention based on security and support needs.
  • After uninstallation: shop data may be deactivated/deleted in accordance with our internal procedures.

7. Security

We implement reasonable technical and organizational measures: access controls, logical shop segregation, Shopify token verification, critical operation logging and HTTPS channels.

8. Data subject rights

End customers should exercise their rights (access, rectification, deletion, objection) primarily with the relevant Shopify merchant. The merchant may then contact us for technical assistance.

9. International transfers

Depending on the region of Shopify's and our sub-processors' infrastructure, some data may be processed outside the merchant's country. Appropriate safeguards are applied when required by law.

10. Children's privacy

The application is not intended for minors and does not intentionally target the collection of children's data.

11. Changes

This policy may be updated. The last update date at the top of the page prevails.

12. Contact

For any privacy or data-related request: chrisx974@gmail.com