Back to home

Legal

Privacy Policy

This policy explains how PopAEO collects, uses, stores, and protects information when merchants install and use the app through Shopify.

Last updated: June 5, 2026

This Privacy Policy explains how PopAEO ("the App", "we", "us", or "our") collects, uses, stores, and protects information when merchants install and use the App through Shopify. The App is operated by Beijing Shuangsi Digital Technology Co., Ltd. Our official website is www.popaeo.com and our official support email is support@popaeo.com.

PopAEO helps Shopify merchants assess and improve their AI search visibility by detecting llms.txt readiness, generating AI-readable store indexing signals, running AEO diagnostics, providing optimization recommendations, and supporting paid automation features.

Information We Collect

When a merchant installs or uses the App, we may collect and process the following categories of information.

Shopify Account and Store Information

  • Shop domain, such as example.myshopify.com.
  • Shopify app installation and session information.
  • OAuth access tokens required to authenticate with Shopify APIs.
  • Shopify user metadata made available through the installation session, such as user ID, name, email, locale, account owner status, collaborator status, and email verification status.
  • App permission scopes granted by the merchant.

Store Catalog and Operational Data

Depending on the features used and permissions granted, we may access limited store data through Shopify APIs, including:

  • Product titles, handles, product types, tags, descriptions, and pricing information.
  • Product update activity and content change indicators.
  • Inventory-related information used to estimate product freshness and synchronization status.
  • Store root llms.txt availability and llms.txt content required for backup, generation, or refresh workflows.

AEO, Analytics, and Optimization Data

We generate and store app-specific data to provide diagnostics and recommendations, including:

  • AEO audit scores and recommendation rates.
  • Benchmark and peer-comparison indicators.
  • Detected optimization gaps and completed checks.
  • Buyer intent patterns, keyword trends, hot topics, and platform attribution summaries.
  • Strategy settings selected by the merchant, such as automated sync, clearance strategy, high-margin strategy, FAQ/discount optimization, holiday campaign optimization, and cross-sell optimization.
  • Last audit and last synchronization timestamps.

Billing and Subscription Status

We use Shopify Billing to create and confirm subscriptions. We do not collect or store payment card details. Payment processing is handled by Shopify. We may store whether a merchant has an active paid subscription in order to unlock paid features.

How We Use Information

We use collected information to:

  • Authenticate merchants and securely operate the embedded Shopify app.
  • Detect whether a store has an llms.txt file configured.
  • Generate, publish, refresh, or back up llms.txt content.
  • Display AEO health scores, diagnostic status, optimization issues, and analytics dashboards.
  • Provide buyer intent insights and strategy recommendations.
  • Enable paid features after Shopify confirms an active subscription.
  • Run scheduled synchronization for eligible paid merchants.
  • Maintain app security, troubleshoot issues, and improve app reliability.
  • Comply with Shopify platform requirements and applicable legal obligations.

Shopify API Permissions

The App may request the following Shopify API scopes:

  • write_products
  • write_metaobjects
  • write_metaobject_definitions
  • write_files
  • write_online_store_navigation
  • read_inventory

These permissions are used only to provide the App's AEO audit, llms.txt generation, catalog indexing, file publishing, navigation, and inventory freshness features.

Sharing of Information

We do not sell merchant information or customer data.

We may share information only in the following limited situations:

  • With Shopify, as required to authenticate the App, access Shopify APIs, process billing, or comply with Shopify platform requirements.
  • With infrastructure and hosting providers, including Render and Neon, used to operate the App, database, scheduled jobs, and related services.
  • When required by law, regulation, legal process, or enforceable governmental request.
  • To protect the rights, property, security, or integrity of the App, merchants, Shopify, or others.

Data Storage and Security

We store application data with Neon in the US East region. We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, or alteration.

OAuth access tokens and other sensitive credentials are used only for authorized Shopify API communication. Secrets should never be stored in public configuration files or source code.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. However, we take reasonable steps to protect the information needed to operate the App.

Data Retention

We retain merchant information for as long as needed to provide the App, maintain business records, comply with legal obligations, resolve disputes, and enforce agreements.

When a merchant uninstalls the App, we retain merchant information for 30 days and then delete or anonymize it, unless limited records must be retained for security, compliance, billing, audit, legal, or legitimate operational purposes. Shopify session data and merchant records may be removed or updated through the App's uninstall and data-management workflows.

Merchant Rights and Choices

Merchants may:

  • Uninstall the App from Shopify at any time.
  • Revoke App access through Shopify admin settings.
  • Request access to, correction of, or deletion of information associated with their store, subject to legal and operational requirements.
  • Contact us with questions about privacy, data use, or deletion requests.

Some features may stop working if required Shopify permissions are revoked.

Customer Personal Information

The App is designed for merchant-facing AEO and store optimization workflows. It does not require direct collection of shoppers' payment information. If Shopify APIs make customer-related information available through granted permissions in the future, we will use it only as necessary to provide the App's features and in accordance with Shopify requirements and applicable law.

International Data Transfers

Information may be processed and stored in countries where we or our service providers operate. These countries may have data protection laws different from those in the merchant's jurisdiction.

Children's Privacy

The App is intended for use by Shopify merchants and is not directed to children. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and may provide additional notice where required.

Contact

If you have questions about this Privacy Policy or would like to make a privacy-related request, please contact Beijing Shuangsi Digital Technology Co., Ltd. at support@popaeo.com.

This email address should be treated as the official contact address for privacy-related requests.