Privacy Policy
Last updated: 24 May 2026
KiwiPages ("we", "us", "the app") is a Shopify-embedded application that lets a merchant
build, edit and publish landing pages on their Shopify store. This Privacy Policy explains
what personal data we process when a merchant installs the app and when shoppers visit the
pages a merchant has published with it.
1. Data controller
For data the app receives from a merchant's Shopify store, the merchant is the data
controller and KiwiPages acts as a data processor. The merchant remains responsible for
informing their own shoppers about how their data is processed by tools installed on the
store, including this one.
2. What we collect from the merchant
- Shop identifier (the
*.myshopify.com domain) and OAuth access token issued by Shopify on install.
- Account holder data minimally required to render the embedded app (first name, last name, email when Shopify shares them as part of the session).
- Page content created by the merchant: title, handle, HTML, CSS, GrapesJS project data, meta tags, head scripts, tags, components, fonts.
- Ownership attestations recorded each time the merchant uses the importer (source URL, content size, IP, user-agent, timestamp and the exact attestation text). This is kept as proof that the merchant attested ownership at import time.
3. What we collect from store visitors
When a shopper visits a page published with KiwiPages we collect a small amount of analytics
data, used solely to give the merchant aggregate insights about their page performance:
- Page views (page identifier, timestamp, referrer, UTM parameters, user-agent string).
- Button clicks & scroll depth on the merchant's KiwiPages pages.
- A short hashed visitor identifier derived from the visitor's IP address + user-agent. We never store the raw IP of a shopper alongside the analytics row.
- Optional chat widget: if the merchant has enabled the on-page chat widget, the questions a shopper types and the AI replies are stored to give the merchant aggregate conversation history. The visitor's message text is sent to our AI provider (see Section 5) to generate the reply.
4. AI features and what is sent to our AI provider
KiwiPages ships with AI features (smart import, AI block generation in the editor, on-page
chat widget). These features are powered by a single bundled provider — there is no API
key for the merchant to configure. When a merchant or shopper triggers an AI feature, the
following content is sent to our AI provider:
- Smart import (URL or HTML): the scraped HTML and CSS of the page the merchant chose to import.
- AI block generation: the prompt the merchant types in the editor, plus the existing HTML/CSS of the section being modified.
- Chat widget: the shopper's message and the structured text representation of the landing page the shopper is currently viewing (so the AI can answer page-specific questions).
No personal customer profile data is included in AI requests. We do not use AI to derive
inferences about individual shoppers. The merchant can disable the chat widget on any
page from the page editor.
5. Sub-processors
The following services may process data on our behalf to deliver the app:
- Hetzner Online GmbH — hosting infrastructure (Nuremberg, Germany).
- Shopify Inc. — authentication, page publishing, and webhook delivery.
- DeepSeek (operated by DeepSeek (Hangzhou) AI Co., Ltd.) — bundled AI
provider for smart import, AI block generation and the on-page chat widget. We send the
AI inputs listed in Section 4 to DeepSeek's API. DeepSeek states that API inputs are
not used to train their models when accessed via paid API tier. Servers operated in the
People's Republic of China.
- Google Fonts — only when the merchant chooses a Google-hosted font for a page.
6. Data retention
- Pages, components, fonts and settings: kept while the app is installed.
- Analytics events (page views, clicks): kept for the lifetime of the install; the merchant can request earlier deletion.
- Chat-widget messages: kept for the lifetime of the install; the merchant can request earlier deletion.
- On
app/uninstalled we delete sessions, pages, components, fonts, settings, conversions, page views, button clicks, chat messages and templates for the shop.
- On
shop/redact (sent by Shopify 48 hours after uninstall) we re-run the full deletion as a safety net.
- On
customers/redact we redact the customer's email from any conversion rows belonging to the merchant.
ImportAck records (ownership attestations) are kept for the lifetime of the install as part of the merchant's audit trail and are deleted on uninstall.
7. Security
- All traffic to and from the app uses HTTPS with TLS certificates issued by Let's Encrypt. HSTS is enforced (2 years, preload).
- Endpoints that perform writes are scoped to the authenticated merchant's shop.
- External-URL imports go through a server-side guard that blocks private and link-local addresses (e.g. cloud metadata endpoints) and non-http(s) protocols.
8. Your rights
Merchants can request access, rectification or deletion of their data at any time by emailing
us (see contact details below) or by uninstalling the app, which triggers automatic deletion.
Shoppers should contact the merchant directly for requests concerning data collected on the
merchant's store; the merchant can forward the request to us and we will assist.
9. International transfers
Primary data storage is in Germany (EU). When AI features are used, the relevant payload
(Section 4) is transferred to DeepSeek's servers in the People's Republic of China. Where
other sub-processors are located outside the EU (e.g. Shopify), the data transferred is
limited to what is strictly necessary to operate the feature the merchant has enabled.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be flagged in the
admin app or by email to the merchant of record.
11. Contact
Questions or requests: support@kiwipages.ecomx.pro.