Privacy Policy

WarpWare XEO

Effective Date: May 10, 2026 Last Updated: May 10, 2026

Introduction

This Privacy Policy describes how WarpWare Works LLC (“we,” “us,” or “our”) collects, uses, and shares information when you use WarpWare XEO (the “App”), a Shopify application that generates AI-powered product descriptions. It also covers information collected through our marketing website at warpwareworks.com.

We will never sell your data. Never have, never will.

Quick Summary

• We collect store and product data only to provide WarpWare XEO.
• We do not sell your data or use merchant/product data to train AI models.
• We do not access Protected Customer Data such as customer names, phone numbers, physical addresses, or order history.
• You can request data access, export, correction, or deletion at any time.
• We comply with US state privacy laws applicable to our operations, including the CCPA.

Who We Are

WarpWare Works LLC Email: legal@warpwareworks.com Website: https://warpwareworks.com

Our Role: Data Processor

Important: When you use our App with your Shopify store:

• You (the merchant) are the Data Controller - You determine what customer data is collected and how it’s used
• We are the Data Processor - We process customer data only on your behalf and per your instructions
• You must list us as a sub-processor in your own privacy policy

This means:

• Your customers’ personal data belongs to you, not us
• We only process it to provide the App’s functionality
• You’re responsible for obtaining necessary consents from your customers
• We help you comply with privacy laws, but ultimate responsibility is yours

What Information We Collect

1. Information About You (The Merchant)

When you install the App, we collect:

Account Information:

• Name and email address (from Shopify)
• Company/store name
• Shopify store domain
• Billing information (processed by Shopify)

Authentication Data:

• Shopify access tokens (to connect to your store)
• OAuth credentials

Why we collect it: To create your account, authenticate with Shopify, and provide the App

Legal basis: Contractual necessity

2. Information From Your Shopify Store

We access the following via Shopify APIs (only with your permission):

API Scopes We Request:

Required at install (granted by every merchant):

• read_products — To read product titles, descriptions, images, tags, and variants so the AI has context to write descriptions
• write_products — To save AI-generated descriptions and tags back to your products when you click “Save”
• read_inventory — To read variant stock quantities so the AI Search audit can flag out-of-stock items in its analysis

Optional (only granted if you opt in):

• read_orders — Used only by merchants who enable A/B testing on the Optimize or Intelligence plans. We subscribe to the orders/create webhook to attribute purchases to the description variant a shopper saw, so the App can compute conversion lift. Merchants on the Free or Generate plans never grant this scope.

Data Types We Access:

• Product information (titles, descriptions, images, categories, tags)
• Product variants, pricing, and stock quantities
• Store name and domain (provided by Shopify with the OAuth session)
• For merchants who grant read_orders: order line-item product IDs, order totals, and cart/checkout tokens (used solely for A/B test conversion attribution; no customer PII is stored)

Why we collect it: To generate AI-powered product descriptions using OpenAI’s API, save them back to your products, and (for merchants who opt in to A/B testing) measure which descriptions convert better.

Legal basis: Your consent (when you authorize API scopes) and contractual necessity

Protected Customer Data: This App does NOT access Protected Customer Data such as customer names, email addresses, phone numbers, or physical addresses. Merchants who grant the optional read_orders scope receive order webhooks, but we extract only the product IDs, quantities, and totals needed for A/B test attribution — we discard customer identifiers from those payloads on receipt.

3. AI Processing Data

What we send to OpenAI:

• Product titles
• Existing product descriptions
• Product categories/types
• Product tags
• Your store name (for context)

Why: To generate contextual, high-quality product descriptions

Important: We only send product data to OpenAI, never customer personal information. OpenAI processes this data according to their API Data Usage Policy (data is not used to train models).

4. Usage Information

We automatically collect:

• Features you use in the App
• Number of descriptions generated
• App performance data
• Error logs and debugging information
• IP address and browser information (via our analytics provider)

Why we collect it: To improve the App, fix bugs, provide support, and understand usage patterns

Legal basis: Legitimate interest (improving our service)

5. Communications

We store:

• Support tickets and emails
• Feedback you provide

Why we collect it: To provide customer support and improve the App

Legal basis: Contractual necessity and legitimate interest

How We Use Information

Your Merchant Data

• Create and manage your account
• Authenticate with Shopify
• Process subscription payments (through Shopify)
• Generate AI product descriptions
• Send service notifications (installation confirmation, billing updates, security alerts)
• Provide customer support
• Improve the App
• Analyze usage patterns (anonymized)

Product Data (Processed on Your Behalf)

We process your product data ONLY to:

• Generate AI-powered product descriptions using OpenAI
• Display your products in the App interface
• Provide editing and review features
• Store generation history

We do NOT:

• Use product data for our own marketing
• Sell or share product data with third parties (except sub-processors listed below)
• Train our own AI models on your product data (OpenAI also does not train on API data)
• Share your products publicly or with other merchants

How We Share Information

Sub-Processors

We use third-party service providers (sub-processors) to operate the App, including categories such as: cloud hosting infrastructure, AI inference providers, error and log monitoring, and analytics. All sub-processors are bound by confidentiality and data protection obligations consistent with this Policy. A current list is available on request to privacy@warpwareworks.com.

Your responsibility: You must list us as a sub-processor in your own store’s privacy policy.

Legal Requirements

We may disclose information if required by law (e.g., to comply with valid legal process or to protect our rights, property, or safety). If we receive a legally valid government request for merchant data, we will, where lawful, notify the affected merchant.

Business Transfers

If WarpWare Works LLC is acquired or merges with another company, your information may transfer to the new entity. This Privacy Policy will continue to apply, and you’ll be notified of any material changes.

Shopify Privacy Webhooks

We’ve implemented Shopify’s mandatory privacy webhooks:

customers/data_request

Since this App does not access customer data, we have no customer data to provide. We will acknowledge the webhook and confirm no customer data is held.

customers/redact

Since this App does not access customer data, no customer data deletion is necessary. We will acknowledge the webhook.

shop/redact

When you uninstall the App or close your store:

• We receive the webhook from Shopify
• We delete all your store data within 48 hours
• We may retain anonymized aggregated usage statistics

Timeline for webhook responses:

• Acknowledgment: Immediate
• Complete deletion from production: Within 48 hours
• Complete deletion from backups: Within 90 days

Your Privacy Rights

All Merchants

Access: Request a copy of your merchant account data Rectification: Correct inaccurate information in your account settings Deletion: Delete your account and data (via uninstall or request) Export: Download your generation history Objection: Object to certain processing activities

How to exercise: Email legal@warpwareworks.com or use the App’s export feature

Availability and EU/UK

WarpWare Works LLC is a US-based developer. The App is offered through the Shopify App Store exclusively to merchants located in the United States. We do not currently offer the App to merchants established in the European Union, the European Economic Area, or the United Kingdom, and we do not knowingly process the personal data of data subjects located in those jurisdictions. If we extend the App’s availability to the EU, EEA, or UK in the future, we will publish applicable provisions (including any required representative designation and transfer mechanisms) before doing so.

CCPA (California Residents)

We do not sell or share personal information as those terms are defined under the CCPA/CPRA. California residents may request access or deletion by emailing privacy@warpwareworks.com.

Dispute Resolution

If you have privacy concerns or complaints, please email privacy@warpwareworks.com with a description of the issue. We will acknowledge within 5 business days and aim to provide a full response within 30 days.

Data Retention

While Your Account Is Active

We retain data to provide the App’s functionality:

• Product data: Retained for description generation history
• Generated descriptions: Retained for your reference and regeneration
• Usage analytics: Retained for service improvement

After Uninstalling the App

• Immediate: Access ends, API tokens revoked
• 48 hours: shop/redact webhook received and processed, production data deletion begins
• 7 days: Production data deletion completed (except anonymized analytics)
• 30 days: Active backup deletion completed
• 90 days: Complete removal from all systems including archived backups

Legal Retention

We may retain minimal data longer if required for:

• Tax and accounting obligations (typically 7 years)
• Legal disputes
• Fraud prevention

What we keep: Transaction records, invoices, account email

Requesting immediate deletion: Email legal@warpwareworks.com for urgent deletion

Data Security

WarpWare uses industry-standard safeguards to protect Merchant data, including encryption in transit (TLS), access controls limited to authorized maintainers, and vendor due diligence for our service providers. We notify Shopify of security incidents per our obligations under the Shopify API Terms, and we will notify affected merchants without undue delay (and consistent with applicable law). No method of transmission over the Internet is 100% secure.

Data Processing Agreement

A Data Processing Agreement is available on request to privacy@warpwareworks.com.

Cookies and Tracking

The App uses strictly necessary cookies (e.g., Shopify OAuth session tokens, CSRF tokens) required for authentication and security. These cannot be disabled without preventing App use.

Our marketing website at warpwareworks.com uses Google Analytics (GA4) to understand aggregate traffic patterns. You can opt out by using a browser extension such as the Google Analytics Opt-out Add-on, by enabling browser tracking protection, or by visiting our Privacy Settings page. We do not use cookies for advertising, retargeting, cross-site tracking, or selling data.

Contact Form

If you submit the contact form on our website, we use the name, email, and message you provide solely to respond to your request and keep reasonable business records of the conversation.

Children’s Privacy

The App is intended for business use by Shopify merchants and is not directed to individuals under 16 years of age.

We don’t knowingly collect data from children under 16. If we learn we’ve collected a child’s data, we’ll delete it immediately.

Merchant Responsibility: If you are under 18 years of age, you must obtain parental or legal guardian consent before using our App. Merchants are responsible for ensuring they have legal authority to enter into this agreement and bind their business to these terms.

No Age Verification: We do not implement age verification for the App, as it is intended exclusively for business use by merchants operating Shopify stores.

AI and Automated Decision-Making

OpenAI Integration

What we send to OpenAI:

• Product titles, descriptions, and metadata
• Store context (your store name)

What we don’t send:

• Customer personal information
• Order data
• Customer emails or addresses
• Payment information

OpenAI’s data usage:

• OpenAI does NOT use API data to train their models
• Data is processed according to OpenAI’s API Data Usage Policy
• Data may be retained for abuse monitoring for 30 days, then deleted
• See: https://openai.com/policies/api-data-usage-policies

Your control:

• All AI-generated descriptions require your review and approval
• You can edit, regenerate, or discard any AI output
• No automatic publication without your action

Right to Human Review (GDPR Article 22)

While AI-generated descriptions are not legally binding automated decisions, you have the right to:

• Contest AI outputs: Request regeneration with different parameters or prompts
• Human oversight: All AI outputs require your manual review and approval before publishing
• Edit or reject: You can modify, discard, or regenerate any AI suggestion
• No automated legal effects: AI suggestions never auto-publish; you maintain full control over what appears on your store

Important: The App does not make automated decisions with legal or similarly significant effects without human intervention. All AI-generated content is advisory only and requires your explicit approval before use.

GDPR Article 22 Compliance: You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Our App complies by requiring human review for all AI outputs.

Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes to the App
• New legal requirements
• Changes in our practices

How we notify you:

• Email to your account address
• Notice in the App
• 30 days advance notice for material changes

Continued use after changes constitutes acceptance.

Contact Us

Privacy Questions or Requests

Email: legal@warpwareworks.com Website: https://warpwareworks.com Response time: Within 30 days

Support Questions

Email: legal@warpwareworks.com Help Center: https://warpwareworks.com/support

Shopify-Related Questions

For questions about Shopify’s privacy practices or your Shopify store, contact Shopify at privacy@shopify.com or visit https://shopify.com/legal/privacy

Your Responsibilities as a Merchant

By using this App, you agree to:

1. Maintain your own privacy policy that discloses:

   • Your use of this App
   • That you use WarpWare XEO for product content generation
   • List us as a sub-processor
   • How AI is used in your product descriptions (if required by your jurisdiction)

2. Obtain necessary consents from your customers for:

   • Data collection via your store
   • Use of your store’s privacy policy

3. Comply with applicable laws:

   • GDPR (if you have EU customers)
   • CCPA (if you have California customers)
   • Other regional privacy laws
   • Shopify’s Terms of Service and policies

4. Accurate product descriptions:

   • Review all AI-generated content before publishing
   • Ensure descriptions are accurate and comply with advertising laws
   • Take responsibility for published content

Last Updated: May 10, 2026 Version: 1.0 Shopify API Version: 2024-10 or later