Privacy Policy

Max AI: Blog Canvas

Effective Date: March 19, 2026 Last Updated: March 19, 2026

Introduction

This Privacy Policy explains how Max AI: Blog Canvas (the "App", "we", "us", or "our") collects, uses, shares, stores, and protects information when Shopify merchants install and use the App.

The App is a business-to-business (B2B) application intended for Shopify merchants and store staff. The App is designed to create, manage, and publish blog articles to Shopify storefronts. This policy focuses on the data we process to provide that functionality.

By installing or using the App, you agree to the practices described in this Privacy Policy.

1. Data We Collect

1.1 Store and Merchant Information

We collect and store information to identify your store and operate the App, such as:

Shop domain (for example, your-store.myshopify.com)
Shopify shop identifiers and basic store details (such as store name)
Shopify session information (such as user ID, name, email address, locale, and session timestamps) when provided by Shopify during authentication
Shopify access tokens required to make Admin API requests on your behalf

1.2 Blog Content and Article Data

To create and publish blog articles, we access and may store content that you create in the App, including:

Article drafts (title, body content, metadata, SEO fields)
Article settings (author, blog collection, tags, template suffix, URL handle)
Featured images and inline media references
Product card configurations (selected products, display settings)
Appearance settings (product card, FAQ, and TOC styling)

1.3 Product Catalog Data

To support product card insertion and AI smart matching, we may sync and store:

Product metadata (title, description, price, handle, status, images)
Product vector embeddings for semantic search

1.4 App Settings and Preferences

We store configuration settings that you control in the App, such as:

Appearance settings per component type
Onboarding status
Plan state and quota usage

1.5 Usage, Billing, and Operational Data

We store data needed to run the App and manage usage, such as:

Publish events (timestamps, status, quotas consumed)
AI command usage (daily counters for free plan limits)
Billing events and subscription records

2. Data We Do Not Intentionally Collect

We do not request Shopify API scopes to access customer records or orders as part of the App's core blog editing functionality, and we do not intentionally collect:

Customer order information
Customer payment information
Customer addresses, phone numbers, or email addresses from Shopify customer records

3. How We Use Your Data

We use the data we collect for the following purposes:

Authentication and security: To authenticate users, maintain sessions, and protect the App
Article management: To create, edit, save drafts, and publish articles to Shopify
AI features: To generate text improvements, SEO fields, FAQ, TOC, and product recommendations
Product catalog: To sync and search products for card insertion
Billing and usage: To track publish quotas, image usage, and manage subscriptions through Shopify billing
Appearance rendering: To apply storefront styling via the Theme App Extension
Support and reliability: To diagnose issues, prevent abuse, and improve stability

4. AI Services and Subprocessors

4.1 AI Provider

To generate AI content (text improvements, SEO fields, FAQ, TOC), the App uses an AI language model. The default model is LongCat-Flash-Lite, configured via environment settings.

4.2 Data Sent to AI Providers

When using AI features, we send only what is needed to generate content, such as:

Selected text or article body content
Generation instructions (improve, shorten, summarize, etc.)
Target language context

We do not send your Shopify access tokens to AI providers.

4.3 Provider Retention and Terms

AI providers process data according to their own terms and policies. We recommend that you review the applicable provider documentation.

We do not sell your personal information.

We share data only as needed to operate the App, including:

Shopify: To read and write blog articles, products, and media through Shopify APIs
Service providers (subprocessors): Hosting, databases, AI providers, and infrastructure that help us operate the App
Legal and compliance: If required to comply with applicable law, regulation, legal process, or enforce our rights

6. Data Retention and Deletion

6.1 Retention

We retain data only as long as needed to provide the App, meet legal obligations, resolve disputes, and enforce agreements. Typical retention includes article drafts and operational records while your subscription is active.

6.2 Uninstall and Shopify Compliance Webhooks

Apps distributed through the Shopify App Store must support Shopify's mandatory privacy compliance webhooks. The App is configured to respond to:

customers/data_request
customers/redact
shop/redact

Upon receipt of a shop/redact request, the App deletes shop-related data from our systems, including sessions, articles, product data, and shop records.

If we do not have end-customer personal data associated with a request, we will respond accordingly.

7. Security

We implement reasonable technical and organizational measures designed to protect information from unauthorized access, disclosure, alteration, or destruction, including:

Encryption in transit (HTTPS/TLS) where applicable
Access controls and least-privilege internal access
Monitoring and logging for operational security

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Email: [email protected]