Privacy Policy
Effective date: May 5, 2026 · Last updated: May 5, 2026
This Privacy Policy describes how Wordy by MVIDEV (“Wordy”, “we”, “us”, or “our”) collects, uses, and shares information when a Shopify merchant installs and uses the Wordy app (“the App”) on their Shopify store.
By installing or using the App, you agree to the practices described in this policy.
1. Who we are
Wordy is operated by MVIDEV.
- Contact: support@mvidev.com
- App URL: https://wordy.mvidev.com
For privacy questions, data access requests, or data deletion requests, contact us at the email above. We respond within 30 days.
2. Information we collect
The App is designed to operate with the minimum data necessary to function. We do not collect customer personal information (no names, emails, addresses, payment data, or order details belonging to your buyers).
2.1 Information collected automatically from the merchant’s Shopify store
When a merchant installs and uses the App, we receive and store the following from Shopify on our servers:
- Shop domain (e.g.
your-store.myshopify.com) — used to identify your store and route requests. - Shopify session and access tokens — issued by Shopify during the OAuth flow and used by the App to call the Shopify Admin API on your behalf, scoped to the permissions you approved at install (currently
write_products). - Token metadata — token expiry, scopes granted, and refresh tokens, where applicable.
2.2 Information about your products
When you ask the App to generate or update a description, the App reads from your Shopify store and temporarily processes:
- Product title, product type, vendor, and existing product description (HTML).
- Any inputs you supply within the App: tone, target audience, selling angle, key features, SEO keywords, and chosen layout.
We do not store the full text of your products on our servers beyond what is required to complete the in-progress request. Generated descriptions are written back to your store via the Shopify Admin API.
2.3 Usage and configuration data
We store the following on our servers to operate the App:
- Plan and billing status — your current plan (free, starter, growth, pro), Shopify recurring charge ID, and billing status (active, pending, cancelled).
- Monthly description usage count — how many descriptions you have generated in the current month, used to enforce plan limits.
- Theme color preference — a single hex value you choose to brand the App’s interface.
2.4 Server logs
Our hosting provider (Vercel) and database provider may automatically log standard request metadata (IP address, user agent, timestamp, status code) for security, abuse prevention, and debugging. These logs are retained for a limited period (typically 30 days) and are not used to build profiles of individual users.
3. How we use information
We use the information described in Section 2 to:
- Authenticate your store with Shopify and maintain your session.
- Generate product descriptions and meta descriptions on your request.
- Update product descriptions in your Shopify store via the Admin API.
- Track and enforce your plan’s monthly description limit.
- Process billing through Shopify’s Billing API.
- Diagnose errors, prevent abuse, and improve the App.
- Comply with legal obligations and Shopify Partner Program requirements.
We do not sell, rent, or trade your information. We do not use your store data to train AI models on your behalf or for our own purposes.
4. Third-party services we share data with
To deliver the App’s functionality we share specific data with the following sub-processors:
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Shopify | Source of truth for your store; Admin API; Billing API | Shop domain, session tokens, all API requests |
| Anthropic (Claude API) | Generates the product description and meta description text | Product title, product type, existing description, and your chosen tone / audience / selling angle / keywords. No customer PII is sent. |
| Vercel | Application hosting | Standard request logs |
| Neon (or equivalent managed Postgres) | Database hosting | Data described in Section 2.1 and 2.3 |
Each of these providers is bound by their own privacy and security commitments. Anthropic’s API terms (as of the effective date) state that customer API inputs and outputs are not used to train Anthropic models by default.
We do not share your data with any other third parties except (a) where required by law, (b) to protect our rights, or (c) in connection with a corporate transaction (merger, acquisition, asset sale), in which case we will notify you.
5. Data retention and deletion
- Active install: we retain the data described above for as long as the App is installed on your store.
- Uninstall: when you uninstall the App, Shopify sends us an
app/uninstalledwebhook. On receipt, we delete your Shopify session tokens. We retain your shop record and aggregate usage counts only as long as needed for billing reconciliation. - Shop redaction: 48 hours after uninstall, Shopify sends us a
shop/redactwebhook. On receipt, we delete all remaining records associated with your shop, including the shop record, all usage history, and any remaining session data. - Customer redaction / data request: because the App does not collect or store buyer (customer) personal data, the
customers/redactandcustomers/data_requestwebhooks have nothing to delete or export, and we acknowledge them as required.
You may also request immediate deletion at any time by emailing support@mvidev.com. We will confirm deletion within 30 days.
6. Security
- All data in transit between your browser, Shopify, our servers, and our sub-processors is encrypted using TLS.
- All inbound webhooks from Shopify are verified using HMAC signatures before any data is read.
- Database connections use TLS and are restricted to our application servers.
- Access tokens are stored only in our database and are never transmitted to the browser or to third parties other than Shopify.
No system is 100% secure. If we become aware of a breach affecting your data, we will notify you and the relevant authorities as required by applicable law.
7. Your rights
Depending on where you are located, you may have rights under applicable data protection laws (including the EU/UK GDPR and the California Consumer Privacy Act) to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Receive your data in a portable format
- Withdraw consent
To exercise any of these rights, email support@mvidev.com. We do not discriminate against users who exercise their privacy rights.
8. International data transfers
Our hosting and sub-processors may store and process data in jurisdictions outside your own (including the United States). Where applicable, we rely on standard contractual clauses or equivalent safeguards.
9. Children
The App is offered to Shopify merchants and is not directed to children under 16. We do not knowingly collect personal information from children.
10. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated through the App or by email to the merchant contact on file. Continued use of the App after a change constitutes acceptance of the revised policy.
11. Contact
If you have any questions about this policy or our data practices, contact:
MVIDEV
Email: support@mvidev.com