Privacy Policy
Last updated: 26 January 2025
1. Introduction
Xiza Digital Ltd ("we", "our", or "us") operates ConvertLab, a Shopify application that helps merchants optimise their product descriptions through AI-powered A/B testing. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application.
We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation.
2. Information We Collect
2.1 Information Collected Through Shopify's APIs
When you install ConvertLab, we access the following data through Shopify's APIs:
- Product Information: Product titles, descriptions, categories, tags, and identifiers
- Store Information: Shop name, domain, currency, and locale settings
- Order Metadata (Conversion Tracking Only): Order IDs, product IDs, and order amounts to measure A/B test performance. We do NOT access customer names, emails, addresses, or other personal information from orders.
- Analytics Data: Aggregated product view and conversion metrics
2.2 Information Collected Directly From You
- Account Information: Your Shopify store domain and email address (provided by Shopify during installation)
- Usage Data: How you interact with our application, including features used and preferences set
- Support Communications: Any messages or information you provide when contacting our support team
2.3 Information We Do NOT Collect
We do not collect or access:
- Customer personal information (names, emails, addresses, phone numbers)
- Payment or financial information (card numbers, bank details)
- Customer browsing behaviour on individual stores
- Shipping or billing addresses
3. How We Use Your Information
We use the information we collect solely for the following purposes:
- Providing the Service: To generate AI-powered product description variants and conduct A/B tests
- Analytics and Reporting: To display test results and performance metrics within the app
- Service Improvement: To improve our application's features and user experience
- Customer Support: To respond to your enquiries and provide technical assistance
- Billing: To process subscription payments through Shopify's billing system
We do not use your information for any other purposes, including marketing to third parties or creating advertising profiles.
4. AI Processing and OpenAI
ConvertLab uses OpenAI's API to generate product description variants. Here is how your data is handled:
- What We Send: Product titles, existing descriptions, categories, and any context you provide (target audience, key benefits)
- What We Do NOT Send: Customer data, order information, or any personally identifiable information
🔒 OpenAI Data Commitment
We use OpenAI's API with data usage controls enabled. Under our agreement with OpenAI:
- Your data is NOT used to train OpenAI's models
- Data is processed only to generate your requested content
- OpenAI retains API inputs for up to 30 days for abuse monitoring, then deletes them
- No data is shared with third parties for training purposes
5. Data Sharing and Disclosure
✓ We do NOT sell, rent, or trade your data to third parties for marketing or any other purpose.
We may share information only in the following limited circumstances:
- Service Providers: With trusted third parties who assist in operating our service (e.g., OpenAI for AI generation, cloud hosting providers), under strict contractual obligations
- Legal Requirements: If required by law, regulation, or valid legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
6. Data Retention
We retain your data for as long as necessary to provide our services:
- Active Accounts: Data is retained while your app remains installed
- Analytics Data: Raw analytics events (impressions, conversions) are automatically purged after 90 days. Aggregated statistics are retained for the lifetime of your account.
- After Uninstallation: We delete your data within 30 days of app uninstallation
- Deletion Requests: You may request immediate deletion at any time by contacting us
7. Data Security
We implement appropriate technical and organisational measures to protect your data:
- All data is encrypted in transit (TLS/SSL) and at rest
- Access tokens are encrypted using industry-standard encryption
- We use secure cloud infrastructure with regular security audits
- Access to data is limited to authorised personnel only
8. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Request your data in a portable format
- Restriction: Request restriction of certain processing activities
- Objection: Object to certain types of processing
To exercise any of these rights, please contact us at privacy@xiza.co.uk. We will respond within 30 days.
9. Shopify Integration
ConvertLab integrates with Shopify and complies with Shopify's requirements for app developers:
- We subscribe to Shopify's mandatory compliance webhooks for data deletion requests
- All billing is processed through Shopify's secure billing system
- We comply with Shopify's API Terms of Use and Partner Program Agreement
10. International Data Transfers
Xiza Digital Ltd is based in the United Kingdom. Your data may be processed in the UK, European Economic Area, and United States (for AI processing via OpenAI). We ensure appropriate safeguards are in place for any international transfers, including Standard Contractual Clauses where required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us: