Privacy Policy
Visibly — AI Brand Visibility Monitoring for Shopify
Effective Date: February 26, 2026 · Last Updated: February 26, 2026
1. Introduction
This Privacy Policy explains how what.digital (“we”, “us”, “our”) collects, uses, stores, and protects information when you use the Visibly application (“the App”) available through the Shopify App Store. By installing and using the App, you agree to the practices described in this policy.
Visibly is an AI-powered brand monitoring tool that tracks how your brand appears in AI-generated search results and compares your visibility against competitors.
Operated by: what.digital
Contact: support@what.digital
Website: https://what.digital
2. Information We Collect
2.1 Store Information
When you install and authenticate the App, we collect the following information about your Shopify store via the Shopify Admin API:
- Store identity: Shop name, myshopify domain, primary domain, and store description
- Account details: Store owner email address and currency code
- Plan information: Your current Shopify plan name and whether it is a partner development store
This information is collected during the initial authentication process and is used to identify your account and provide the service.
2.2 Product and Catalog Data
To generate relevant monitoring prompts tailored to your store, we access:
- Product information: Product titles, descriptions, product types, vendor names, tags, variant details, and featured image URLs
- Collection information: Collection titles, descriptions, handles, product counts, sort order, SEO metadata, and metafields
- Sales data: Aggregated best-selling product rankings (we query order data solely to identify your top-performing products — we do not store individual order details, customer information, or transaction amounts)
Product and collection data is used during onboarding to generate AI monitoring prompts and is not permanently stored in its raw form on our servers.
2.3 Brand and Competitor Information
You provide the following information directly:
- Your brand name (entered during onboarding, may be auto-populated from your store name)
- Competitor brand names and website URLs (entered manually by you on the Competitors page, Pro plan only)
2.4 Monitoring Prompts
We store the text of monitoring prompts — both those generated automatically based on your product catalog and those you create or edit manually. Prompts are the queries we use to monitor AI-generated search results for your brand.
2.5 Analytics and Execution Data
When monitoring prompts are executed, we collect and store:
- Execution records: Timestamp, status (success/failed), duration, and the AI model used
- Analysis results: Visibility percentage, sentiment score and classification (positive/neutral/negative), position ranking, mention count, contextual excerpts, and source citations
- LLM request logs: The full prompt sent to the AI provider and the full response received, along with token usage metrics
2.6 Shopify Session Data
To maintain your authenticated session within the Shopify admin, we store:
- OAuth session tokens: Session ID, access token, granted API scopes, and expiration
- Staff member details (provided by Shopify during OAuth): First name, last name, email address, locale, and whether the user is the account owner or a collaborator
2.7 App Preferences
We store your in-app configuration:
- Selected products (IDs, titles, and image URLs)
- Tags and target market selections
- Whether initial setup has been completed
- Subscription status and cancellation dates
3. How We Use Your Information
| Purpose | Data Used |
|---|
| Providing the service | Store identity, brand names, prompts, and execution results to deliver brand visibility analytics |
| Generating monitoring prompts | Product titles, descriptions, collections, and best-seller rankings to create relevant prompts during onboarding |
| AI brand analysis | Brand names, competitor names, and monitoring prompts are sent to AI language model providers to analyze brand visibility in AI-generated responses |
| Analytics and reporting | Execution results and analysis data to render dashboards, charts, and comparison tables |
| Subscription management | Store identity and subscription status to enforce plan limits |
| Authentication | Session tokens and staff member details to maintain your authenticated session within Shopify admin |
| Service improvement | Aggregated, anonymized usage patterns to improve prompt generation quality and analytics accuracy |
We do not use your data for advertising, profiling, or any purpose unrelated to providing the Visibly service.
4. Third-Party Services and Data Sharing
4.1 AI Language Model Providers
To perform brand visibility analysis, we send monitoring prompts containing your brand name, competitor names, and prompt text to third-party AI providers. The following providers may be used:
- OpenAI (OpenAI, L.L.C.) — Models including GPT-4o and GPT-4o with web search capabilities. When web search is enabled, OpenAI may perform real-time web searches related to the brands and queries in your prompts. OpenAI’s data usage policy applies: https://openai.com/policies/privacy-policy
- Anthropic (Anthropic, PBC) — Claude models. Anthropic’s privacy policy applies: https://www.anthropic.com/privacy
These providers receive the prompt text (which includes brand and competitor names) and return analysis responses. We do not send your store’s customer data, order details, financial information, or personal data of your customers to these providers.
4.2 Shopify
The App communicates with Shopify’s Admin API (GraphQL) and Billing API to access store data, manage subscriptions, and handle authentication. Shopify’s privacy policy applies: https://www.shopify.com/legal/privacy
4.3 Hosting Infrastructure
- The App backend is hosted on Laravel Forge managed servers in Europe
- The Shopify App frontend is hosted on containerized infrastructure
- Databases are hosted on the same infrastructure as the application servers
4.4 No Other Third-Party Sharing
We do not:
- Sell your data to third parties
- Share your data with advertising networks
- Use third-party analytics or tracking services (no Google Analytics, no tracking pixels)
- Share your data with any parties other than those listed above
5. Cookies and Tracking
The App does not use cookies for tracking or analytics purposes. The only cookies used are those required by Shopify’s App Bridge framework for session authentication within the Shopify admin. We do not deploy any third-party tracking scripts, pixels, or fingerprinting technologies.
6. Data Storage and Security
6.1 Where Data Is Stored
- Session data and app preferences are stored in a database associated with the Shopify App frontend
- Brand data, prompts, execution results, and analytics are stored in a database on the backend application server
- All infrastructure is hosted on servers managed in Europe
6.2 Security Measures
We implement the following security measures:
- HMAC-SHA256 request signing: All communication between the Shopify App and our backend is cryptographically signed and verified to prevent tampering
- Encrypted connections: All data in transit is protected with TLS/HTTPS encryption
- Access token security: Shopify OAuth access tokens are stored securely and are never exposed to the frontend
- Scope limitation: We request only the minimum Shopify API scopes necessary to provide the service
- Authentication enforcement: All backend API endpoints require valid HMAC signatures; unauthenticated requests are rejected
6.3 API Scope Justification
| Scope | Purpose |
|---|
read_products | Access product titles, descriptions, types, and collections to generate relevant monitoring prompts |
read_orders | Identify best-selling products to prioritize monitoring prompts (aggregated rankings only — no individual order or customer data is stored) |
write_products | Reserved for upcoming product enhancement features based on AI visibility insights |
7. Data Retention
7.1 While the App Is Installed
- Analytics data is retained for up to 90 days (the maximum history period available on the Pro plan)
- Monitoring prompts and brand configurations are retained for as long as the App remains installed
- LLM execution logs (prompts sent and responses received) are retained for operational and debugging purposes
- Session data is retained for the duration of your active Shopify session
7.2 After App Uninstallation
When you uninstall the App:
- Shopify session tokens are deleted immediately
- App preferences (selected products, tags, target market) are retained temporarily to allow seamless re-installation
- Backend data (brand configurations, prompts, analytics history, and execution logs) is retained for 30 days following uninstallation to allow for re-installation without data loss, after which it is permanently deleted
To request immediate deletion of all your data, contact us at support@what.digital.
8. Children’s Privacy
The App is intended for use by Shopify merchants (business users) and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children.
9. Your Rights
9.1 For All Users
- Access: Request a copy of all data we hold about your store
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of all data associated with your store
- Data portability: Request your data in a structured, machine-readable format
- Withdrawal of consent: Uninstall the App at any time to stop all future data collection
9.2 For Users in the European Economic Area (EEA) and Switzerland
Under the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP), you additionally have the right to:
- Restrict processing: Request that we limit how we use your data
- Object to processing: Object to data processing based on legitimate interests
- Lodge a complaint: File a complaint with your local data protection authority
Legal basis for processing:
- Contractual necessity: Processing store data, brand information, and prompts is necessary to provide the Visibly service you have requested
- Legitimate interest: Processing execution logs and analytics data to maintain service quality and debug issues
- Consent: You consent to data processing by installing the App and completing the onboarding flow
9.3 For Users in California (CCPA)
California residents have the right to:
- Know what personal information is collected and how it is used
- Request deletion of personal information
- Not be discriminated against for exercising privacy rights
We do not sell personal information to third parties.
9.4 How to Exercise Your Rights
To exercise any of the above rights, contact us at support@what.digital. We will respond to all requests within 30 days. To verify your identity, we may ask you to confirm your Shopify store domain.
10. GDPR Compliance and Shopify Webhooks
We handle the following mandatory Shopify compliance webhooks:
| Webhook | Our Response |
|---|
| Customer Data Request | We respond confirming that we do not store any end-customer personal data. Brand analysis is performed on publicly available AI-generated content and does not involve your customers’ personal information. |
| Customer Data Erasure | We acknowledge and confirm no customer personal data is stored that requires deletion. |
| Shop Data Erasure | We delete all data associated with the requesting shop, including session records, store settings, brand configurations, prompts, execution history, and analytics data. |
11. Data We Do NOT Collect
For clarity, Visibly does not collect or store:
- Customer names, email addresses, physical addresses, or phone numbers
- Payment or financial transaction details
- Credit card or billing information (subscriptions are handled entirely by Shopify’s billing system)
- Individual order contents or line items
- Customer browsing behavior or purchase history
- IP addresses of your store’s visitors
- Any data from your store’s frontend or storefront
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes:
- We will update the “Last Updated” date at the top of this policy
- For significant changes, we will notify you through the App interface or via the email associated with your Shopify store
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
what.digital
Email: support@what.digital
Website: https://what.digital
14. Shopify App Store
This App is distributed through the Shopify App Store. By using the App, you also agree to Shopify’s Terms of Service and Privacy Policy.