Privacy Policy

Information collected through Shopify APIs

PulpoAR processes Shopify shop and product information required to operate the app, including the shop domain, app session state, installation state, billing status, product and variant identifiers, supported category mappings, and configuration data needed to enable product sync and storefront virtual try-on behavior.

Information collected directly from merchants

Merchants may provide configuration choices through the app interface, such as onboarding selections, billing decisions, storefront widget configuration, and support requests. PulpoAR also generates operational logs and state records related to a merchant's use of the app so the product can function correctly, recover from failed setup, and support reinstall continuity after app uninstall.

Information collected directly from merchants' customers

When a merchant enables the storefront virtual try-on experience, a shopper's browser may request camera permissions. PulpoAR may process the camera images, storefront usage signals, and related session data needed to render the try-on experience, operate analytics, and support the feature. Merchants remain responsible for any shopper-facing disclosures required for their storefront and for configuring the theme app embed or app block correctly.

How information is used

PulpoAR uses the data above to authenticate merchants, provision app access, manage billing and subscription entitlements, sync supported products and variants, render the storefront virtual try-on experience, provide support, prevent paid-trial abuse, and maintain service continuity when a merchant reinstalls the app after uninstall.

Retention and deletion lifecycle

• App uninstall performs a soft deactivation. Sessions are removed and the shop is marked uninstalled so reinstall can continue with the existing billing and setup context.
• Shopify shop/redact requests trigger hard deletion of shop-owned data in the Shopify app and associated PulpoAR project data.
• After hard deletion, a minimal irreversible hashed marker may be retained solely to prevent paid-trial abuse.

Data retention period

PulpoAR retains merchant operational data only as long as needed to operate the app, support billing and reinstall continuity, respond to support issues, and comply with deletion or redaction requests. After hard deletion, only the minimal anti-abuse marker described above may remain.

Browser storage and operational tracking

PulpoAR storefront and embedded experiences may use browser storage such as localStorage or sessionStorage to preserve temporary operational state, support session continuity, and buffer usage or analytics events needed for service operation.

International processing and service providers

PulpoAR and service providers that support hosting, infrastructure, analytics, and operational delivery may process data in the jurisdictions where the service is operated. Merchants with region-specific privacy or transfer questions should contact PulpoAR through the support channel listed below before using the app in production.

Questions and data rights requests

For privacy questions or deletion requests related to your merchant account, use the support channel listed on the Support page. Shopify GDPR webhooks are used for platform deletion workflows, and merchant support requests can be used for follow-up questions about operational data handling.