Privacy Policy
Last updated: 22 April 2026
This Privacy Policy describes how Codesio Software Services FZCO (“InkForge”, “we”, “us”) collects, uses, stores, and shares information when you install or use the InkForge Shopify application (the “App”) or visit our website at getinkforge.com (the “Site”).
If you do not agree with this Policy, please do not install or use the App.
1. Who we are
InkForge is operated by Codesio Software Services FZCO, a free zone company registered in the International Free Zone Authority (IFZA), Dubai, United Arab Emirates.
For any privacy-related questions, contact: support@getinkforge.com
2. Scope and our role
This Policy applies to:
- Shopify merchants (“you”, “merchants”) who install the App on their Shopify store
- Visitors to the Site
- Anyone who contacts us for support
The App does not collect information from end shoppers visiting merchants’ storefronts. We do not install tracking pixels, cookies, or scripts on merchant storefronts.
2.1 Our role under GDPR / UK GDPR / UAE PDPL
- For product catalog data, brand voice settings, and generation data that we process on behalf of your store, we act as a data processor (or “processor” under UAE PDPL) and you are the data controller.
- For shop owner account data (shop owner name, email, billing metadata), support communications, and Site usage, we act as a data controller.
Where we act as a processor, we process data only on your documented instructions as reflected in this Policy, our Terms of Service, the App’s configuration, and any Data Processing Addendum (DPA) executed between us.
3. Information we collect
3.1 Information you provide when installing the App
When you install the App through Shopify, we receive the following from Shopify’s OAuth flow:
- Your Shopify shop domain (e.g., your-store.myshopify.com)
- Shop owner name and email address
- OAuth access token (encrypted at rest)
- Shop metadata (timezone, currency, plan name, locale)
- The Shopify API scopes you granted
3.2 Product and store data we access
To generate product descriptions, SEO metadata, and image alt text, the App reads the following from your Shopify store via Shopify’s GraphQL Admin API:
- Product titles, descriptions, handles, types, tags, and vendor
- Product variants, options, prices, and SKUs
- Product images (URLs and existing alt text)
- SEO fields (page title and meta description)
- Collection names and product-collection relationships (for filtering and context)
We only read product catalog data. We do not request or access: customer personal data, order history, draft orders, payment information, or checkout data.
3.3 Data you configure inside the App
- Brand voice settings (target audience description, tone, custom instructions, banned words)
- Generation preferences (language, length, tone preset)
- Records of each generation request, the draft output produced, any edits you made, and your final approved version (used for version history and one-click rollback)
3.4 Usage and billing data
- Credits consumed per billing cycle
- Subscription plan, activation and cancellation timestamps
- Generation timestamps and error logs
- Feature usage counters (for product improvement)
3.5 Support communications
If you email us for support, we receive your email address, message contents, and any attachments you send. We store these in our support inbox (Resend / email infrastructure) and internal notes.
3.6 Site analytics
The Site currently does not use third-party analytics or advertising trackers. If this changes, we will update this Policy and list any analytics provider in Section 5.
4. How we use your data
We use the information described in Section 3 to:
- Authenticate your store and authorize access via Shopify
- Generate product descriptions and related content you request
- Maintain version history and allow rollback of changes
- Track credit usage and enforce plan limits
- Process subscription changes through the Shopify Billing API
- Provide customer support
- Monitor errors, diagnose bugs, and improve the App
- Communicate service-related announcements (e.g., scheduled maintenance, billing issues)
- Detect and prevent abuse, fraud, or violation of our Terms of Service
- Comply with legal obligations
We do not use your data for advertising or sell it to third parties.
5. Subprocessors — third parties we share data with
We share the minimum necessary data with the following subprocessors to operate the App:
| Subprocessor | Purpose | Primary processing region | Data shared |
|---|---|---|---|
| Shopify Inc. | Platform on which the App runs; OAuth, GraphQL, and Billing APIs | Global | All data related to your Shopify store |
| Anthropic, PBC | Large language model provider (Claude API) that generates product descriptions | United States | Product titles, existing descriptions, brand voice settings, and generation instructions — for each generation you request |
| Railway Corp. | Hosting provider (application server and PostgreSQL database) | United States / EU (region-selectable) | All data stored by the App |
| Resend Inc. | Transactional and support email delivery | United States | Your email address and support message contents |
| Cloudflare, Inc. | DNS, CDN, and website hosting for the Site | Global edge network | Standard request logs for getinkforge.com |
| Sentry (Functional Software, Inc.) | Application error monitoring | United States | Error stack traces and limited request metadata (shop domain, timestamp). We do not include product content in error reports. |
Important disclosure about AI processing
When you generate content, the App sends relevant product context and your brand voice settings to Anthropic via the Claude API.
Under Anthropic’s Commercial Terms of Service, Anthropic does not use inputs to or outputs from the Claude API to train its models. Anthropic retains Claude API inputs and outputs for up to 30 days for abuse-monitoring and safety purposes, after which they are deleted, in accordance with Anthropic’s API data-handling practices. We are not enrolled in Anthropic’s Development Partner Program or any other program that would provide your data for model training.
We do not send Anthropic any data beyond what is necessary for the specific generation request.
Shopify’s own data handling
Shopify is your merchant platform and processes its own data about your store under Shopify’s Privacy Policy. Nothing in our Policy overrides or modifies your relationship with Shopify.
6. How long we retain data
- While the App is installed: We retain your data for as long as the App is installed on your store, plus any version history you have generated.
- On uninstall: Shopify sends us a shop/redact webhook approximately 48 hours after you uninstall the App. We delete your shop data within 48 hours of receiving this webhook. This includes generation history, stored product data, brand voice settings, and access tokens. Billing records and anonymized usage metrics may be retained longer where required for accounting, tax, or legal reasons.
- Support emails: Retained for up to 2 years after the last interaction, then deleted.
- Error logs: Retained for up to 90 days.
You may also request earlier deletion at any time — see Section 9.
7. Security
We take reasonable technical and organizational measures to protect your data:
- All data is transmitted over HTTPS/TLS
- Shopify access tokens are encrypted at rest
- Database access is restricted to authorized application processes
- Hosting infrastructure (Railway) runs in SOC 2-compliant data centers
- We log and monitor access to production systems
No method of electronic storage or transmission is 100% secure. While we work to protect your data, we cannot guarantee absolute security.
If we become aware of a security incident affecting your data, we will notify affected merchants without undue delay, and where feasible within 72 hours of confirmation, providing the information reasonably available at the time of notification.
8. International data transfers
InkForge is based in the United Arab Emirates. Our subprocessors listed in Section 5 are located in the United States and other jurisdictions. By using the App, you acknowledge that your data may be processed in countries outside your own, which may have different data protection laws.
Where applicable (e.g., for EU/UK merchants), we rely on the subprocessors’ own Standard Contractual Clauses (SCCs), UK International Data Transfer Addenda, and equivalent safeguards for cross-border transfers.
9. Your rights and data requests
Depending on where you or your customers are located, you may have rights under laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), the UAE Personal Data Protection Law (PDPL), Brazil’s LGPD, or similar laws. These rights may include:
- Access — Request a copy of the personal data we hold about you
- Correction — Ask us to correct inaccurate data
- Deletion — Ask us to delete your data (subject to legal retention obligations)
- Restriction / objection — Ask us to limit how we use your data
- Portability — Receive your data in a machine-readable format
- Withdraw consent — Where processing is based on consent, you may withdraw it
- Non-discrimination — We will not deny service or change pricing because you exercise your rights
To exercise any of these rights, email support@getinkforge.com from the email address associated with your Shopify store. We respond to verified requests within 30 days (or such shorter period as required by applicable law).
Verification
To protect your data, we may request additional information reasonably necessary to confirm your identity and your relationship to the Shopify store before fulfilling a request. For merchant requests, sending the request from the email address on file with your Shopify store is generally sufficient.
Shopify merchant and customer data requests
Every Shopify App Store app is required to subscribe to three mandatory compliance webhooks. We handle them as follows:
- customers/data_request — If a customer of your store requests information they believe you hold about them, Shopify forwards the request to us. Because the App does not store end-customer personal data, we will respond with “no data held” in the vast majority of cases and will forward any applicable data to you directly.
- customers/redact — Because the App does not store end-customer personal data, there is typically nothing for us to redact. We nevertheless subscribe to and respond to this webhook within the time limits required by Shopify.
- shop/redact — Triggered approximately 48 hours after you uninstall the App. We delete your shop data within 48 hours of receiving this webhook, as described in Section 6.
Data Processing Addendum (DPA)
Merchants subject to the EU GDPR, UK GDPR, or similar regimes requiring a written data-processing agreement may request a Data Processing Addendum by emailing support@getinkforge.com. We will execute our standard DPA, which incorporates the current EU Standard Contractual Clauses (and UK International Data Transfer Addendum where relevant) for any cross-border transfers, within a reasonable time.
Supervisory authority
Where applicable, you also have the right to lodge a complaint with a supervisory authority in your country of residence.
10. Children’s privacy
The App is a B2B tool for Shopify merchants and is not directed at individuals under 18. We do not knowingly collect personal data from children.
11. Changes to this Policy
We may update this Policy from time to time. When we do, we will:
- Update the “Last updated” date at the top
- For material changes, notify installed merchants by email at least 14 days before the changes take effect
- For non-material changes (clarifications, typo fixes, updated subprocessor addresses, formatting), the updated “Last updated” date is sufficient notice
Continued use of the App after a change takes effect constitutes acceptance of the updated Policy.
12. Contact
For any questions, concerns, or requests regarding this Policy or your data:
Codesio Software Services FZCO
IFZA, Dubai, United Arab Emirates
Email: support@getinkforge.com
Website: getinkforge.com