Data security and privacy

This page summarizes how LingoVae handles your data. For the legal version, see the Privacy Policy, the Cookie Policy, and the Data Deletion page on the marketing site.

What we read from your Shopify store

Only what we need to render a draft:

  • Titles, descriptions, and product types for the products you choose to style
  • Shopify product IDs (GIDs) for those products
  • Metafield values we write under the commstyles namespace

We don’t read order data, customer data, payment information, or analytics from your Shopify store. We have no access to your shop’s customer list.

What we send to AI providers

When you generate a styled draft, the product context (title, current description, product type) is sent to an AI provider that produces the rewritten text. We don’t send any other data.

LingoVae currently routes through a multi-provider mix that may include Anthropic, OpenAI, Google, and xAI. Each provider processes requests according to its own terms. We don’t train models on your data, and we don’t enrol you in any provider’s training pipelines.

How styled content reaches your storefront

LingoVae writes approved styled content to Shopify metafields under the commstyles namespace. A theme app extension reads those metafields and renders the styled text on your storefront.

Your original Shopify product descriptions are never modified. They sit alongside the styled metafields, untouched. If the theme app extension can’t read styled content for any reason — subscription lapsed, app uninstalled, network error — your original Shopify descriptions render in their place automatically. Customers see no transition.

What we set in your customers’ browsers

Nothing. The theme app extension that renders styled descriptions doesn’t set cookies, set pixels, collect IP addresses, or store any identifying information about your shop’s visitors.

The LingoVae embedded admin app (the one you interact with in your Shopify admin) sets a small number of session and CSRF cookies needed to keep you signed in and protect sensitive actions. Listed in the Cookie Policy.

Where your data lives

LingoVae operates from the United States on Google Cloud. Data at rest is encrypted; data in transit is TLS-encrypted. OAuth tokens are stored encrypted in the database.

Aggregate logs and metrics are retained for diagnostic and security purposes. We don’t keep raw request payloads beyond what’s needed for active job state.

How to delete your data

Two paths:

  1. Uninstall LingoVae from your Shopify admin. Shopify notifies us automatically. We mark your data for deletion within 48 hours, fully delete from production databases within 30 days, and fully delete from backups within 90 days. Your storefront is unaffected — the theme app extension stops reading styled content the moment you uninstall.

  2. Email privacy@lingovae.com from your registered address. Useful for partial deletions or for requests that can’t go through uninstall (for example, you’ve used LingoVae as a staff member rather than the shop owner).

Detailed timeline at data deletion.

What we retain after deletion

  • Billing records for the period required by tax and accounting law (typically 7 years). Stored in Shopify’s billing system, not ours.
  • Aggregate analytics with no link back to your shop.
  • Security logs for 90 days for fraud prevention, then deleted.

Compliance

We comply with GDPR, the California Consumer Privacy Act, and Shopify’s data-processing requirements for embedded apps. For a DPA, email privacy@lingovae.com.

Reporting a vulnerability

Email security@lingovae.com with details. We respond within 48 hours. We don’t currently run a paid bounty program but will credit researchers who report responsibly.