Privacy Policy
Last updated: June 9, 2026
1. Who we are
SEO Bison (“we,” “our,” or “the App”) is a Shopify application that uses artificial intelligence to generate SEO blog content for merchants. By installing the App you agree to this Privacy Policy.
2. Data we collect
We collect and process the following data from your Shopify store:
- Store information — shop domain, shop name.
- Product catalog — product titles, descriptions, images, tags, and prices. Used solely to generate on-brand blog content.
- Collections — collection titles and handles. Used to identify content gaps.
- Existing blog articles and pages — titles, body text, publication dates. Used to avoid duplicate topics and detect your brand voice.
- Shopify OAuth access token — stored encrypted (AES-256-GCM with envelope encryption) to authenticate API calls on your behalf.
We do not collect personal data from your customers (names, emails, addresses, or order history).
3. How we use your data
- Generating AI blog topics and drafts grounded in your product catalog.
- Extracting your brand’s writing voice from your existing content.
- Publishing approved articles to your Shopify blog via the Shopify Admin API.
- Scheduling and managing blog posts on your behalf.
- Billing via the Shopify Billing API for your subscription and published posts.
We do not sell, rent, or share your store data with third parties for marketing purposes.
4. Third-party services
We send content to these services to generate blog posts:
- Anthropic (Claude AI) — generates blog text. Only product/store data is sent; no customer PII is transmitted. Governed by Anthropic’s Privacy Policy.
- Web search — the App may perform web searches to research blog topics. Only publicly available information is retrieved.
We also use:
- PostgreSQL database — stores your catalog, generated posts, and billing events on secured servers.
- Redis — temporary job queuing; no persistent personal data stored.
5. Data retention
We retain your store data while the App is installed and for up to 48 hours after uninstall (to process GDPR shop redact requests). After that, all data is permanently deleted per Shopify’s GDPR requirements.
6. GDPR & data subject rights
We handle Shopify’s mandatory GDPR webhooks:
- customers/data_request — we do not store customer PII, so no data export is needed.
- customers/redact — we do not store customer PII; no action needed.
- shop/redact — all merchant data is deleted within 48 hours of receiving this webhook.
7. Security
Shopify access tokens are encrypted at rest using AES-256-GCM with envelope encryption (a unique data-encryption key per store, itself encrypted with a master key stored separately). All data is transmitted over TLS 1.2 or higher.
8. Changes to this policy
We will notify you via the Shopify admin if we make material changes to this policy. Continued use of the App after changes constitutes acceptance.
9. Contact
Questions? Email us at support@seobison.com.