Privacy Policy (Brandios)

Effective date: February 7, 2026

This Privacy Policy explains how Brandios (the “App”, “we”, “us”, or “our”) collects, uses, shares, and retains information when merchants install or use our Shopify app.

This policy is intended for Shopify merchants and their representatives. If you are a customer shopping on a merchant’s store, the merchant’s own privacy policy governs their store.

1) Who we are

Data controller: Brandios (operated by Nasereddin Kailani)

Mailing address: Masoud Bin Saad Street, Wadi al-Seer, Amman, Jordan

Contact: contact@trybrandios.com

2) What information we collect

A. Information from Shopify (merchant + store)

When you install or use the App, Shopify provides us with information necessary to operate the App, including:

• Shop and store identifiers (e.g., shop domain).
• Shopify Admin session data associated with authenticated users (may include name and email address).
• Access token required to call the Shopify Admin API on your behalf.
• Store configuration you enter in the App, such as brand name/domain, onboarding selections (e.g., flagship product/blog), enabled providers, and other brand profile settings.

B. Store content you choose to analyze or optimize

To provide the App’s optimization and analytics features, we process and may store Shopify content such as:

• Product, collection, blog article, and page metadata (e.g., title, handle, canonical URL).
• Product descriptions and other content used to generate “mirror” markdown pages.
• Derived artifacts we create, including:
  • AI-friendly markdown mirrors
  • Generated questions/prompts and embeddings
  • Aggregated analytics and reports

C. AI test and insights data

When you run visibility tests / insights, we may store:

• Prompt text and metadata.
• AI outputs such as excerpts/snippets, full answers (when available), structured analysis, and outcome classifications.
• Cited URLs/domains that an AI response referenced.
• Competitor domains and related competitive analysis.

D. Usage, diagnostics, and security logs

To monitor performance, prevent abuse, and measure AI-bot discovery, we collect:

• Access logs for mirror content requests (may include requested path/URL, user agent, whether the request appears to be an AI crawler, detection confidence, and IP address when available via standard proxy headers).
• Queue/job metadata and operational logs.

E. Email communications

If you provide an email address (e.g., store owner email) we may send service-related emails such as trial reminders or billing/renewal notifications.

F. Customer personal data

The App is designed for merchant-facing analytics and optimization. We do not intentionally collect or process personal information about a merchant’s customers (such as customer names, email addresses, phone numbers, shipping addresses, or order-level personal data), except to the extent such information may appear incidentally in store content selected by the merchant.

3) How we use information

We use information to:

We only collect and process merchant data to provide and improve the App, to comply with legal obligations, and as permitted by Shopify’s API Terms. We do not use merchant data for advertising or unrelated purposes.

• Provide core app functionality (sync content, generate mirrors, run visibility tests, generate insights, and display dashboards/reports).
• Perform AI-assisted processing (question generation, summarization, classification, market insights, and reputation analysis).
• Detect and analyze AI crawler visits and discovery signals.
• Communicate with you about the service (onboarding, trial/billing reminders, operational notifications).
• Maintain security, prevent fraud/abuse, troubleshoot, and improve reliability.

4) How we share information

We do not sell personal information.

We may share information with:

A. Shopify

We use Shopify APIs and Shopify billing. Shopify’s processing of information is governed by Shopify’s own terms and privacy policies.

B. AI and search providers (processors)

To provide the App’s AI features, we may send relevant inputs to third-party AI providers, such as:

• OpenAI (e.g., generating questions/answers, classifications, and structured insights).
• Perplexity (e.g., web-search based research, competitor discovery, and market insights).
• Gemini (e.g., web-search based research, competitor discovery, and market insights).

Inputs may include store content you choose to analyze (like product descriptions), your brand configuration, competitor domains, and prompts/questions. We do not intend to send customer personal information to these providers.

These providers act as data processors and are contractually restricted from using data for their own purposes.

C. Email delivery

We may use an email service provider (e.g., Resend) to deliver service emails to addresses you provide.

D. Infrastructure and hosting

We rely on infrastructure providers to host the App and operate queues/caches/databases (e.g., Redis/Upstash, Postgres hosting, and the App hosting provider). These providers process data on our behalf to run the service.

E. Legal and safety

We may disclose information if required by law, or to protect rights, safety, and security, including responding to lawful requests.

5) Data retention

We retain information for as long as needed to provide the App and for legitimate business purposes such as complying with legal obligations, resolving disputes, and enforcing agreements.

Uninstall / deletion: When a merchant uninstalls the App, Shopify may send us a “shop redact” webhook. When we receive it, we delete store-associated data within 30 days, unless retention is required by law. You can also request deletion by contacting us at contact@trybrandios.com.

If you want a specific retention commitment, please contact us.

6) Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. No method of transmission or storage is 100% secure.

7) Your rights and choices

Depending on your location (including the EEA, UK, or California), you may have rights under applicable data protection laws such as GDPR or CCPA, including the right to access, correct, delete, or obtain a copy of your personal information.

To exercise rights, contact contact@trybrandios.com.

If you are a customer of a merchant’s store, please contact the merchant directly.

8) International transfers

Our providers (including AI and infrastructure providers) may process data in countries other than your own. Where required, we use appropriate safeguards for international transfers.

9) Children

The App is intended for use by businesses and is not directed to children.

10) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy and revise the effective date.

11) Contact

• Email: contact@trybrandios.com
• Address: Masoud Bin Saad Street, Wadi al-Seer, Amman, Jordan