Lyros Privacy Policy

Introduction

Lyros ("we," "our," or "the App") provides AI-powered product tagging and SEO optimization services ("the Service") to merchants who use Shopify to power their stores. This Privacy Policy describes how we collect, use, store, and protect information when you install or use our App in connection with your Shopify store.

Information We Collect

Information from Shopify

When you install the App, we automatically receive access to certain information from your Shopify account through the Shopify API:

• Store Information: Store name, store ID, store URL, and store domain
• Product Information: Product titles, descriptions, images, tags, and product IDs
• Access Tokens: Shopify access tokens to authenticate API requests
• Billing Information: Subscription status and billing-related identifiers

Information We Generate

Through the use of our Service, we generate and store:

• AI-Generated Content: Product tags, SEO titles, and descriptions created by our AI models
• Usage Data: Token usage, API call counts, job processing statistics
• Transaction Records: Credit purchases, consumption records, and billing history
• Job Processing Data: Bulk job status, progress tracking, and error logs

Technical Information

We automatically collect certain technical information:

• Log Data: IP addresses, request timestamps, API endpoints accessed
• Performance Metrics: Response times, error rates, system health indicators
• Browser Information: When accessing any web interfaces we provide

How We Use Your Information

Primary Uses

• Service Delivery: Generate AI-powered product tags and SEO content
• Billing and Payments: Process credit purchases and usage-based billing through Shopify
• Job Processing: Execute bulk tagging and SEO optimization jobs
• Performance Monitoring: Track API usage to ensure service quality and availability

Secondary Uses

• Service Improvement: Analyze usage patterns to enhance AI model performance
• Customer Support: Respond to inquiries and troubleshoot issues
• Security: Detect and prevent fraudulent or abusive behavior
• Compliance: Meet legal obligations and enforce our Terms of Service

Data Storage and Security

Where We Store Data

• Primary Database: MySQL database hosted on secure cloud infrastructure
• Cache Layer: Redis for temporary storage of processing states
• Logging System: OpenSearch for operational logs and analytics

Security Measures

We implement industry-standard security measures including:

• Encrypted data transmission using HTTPS
• Secure storage of access tokens and sensitive data
• Regular security audits and monitoring
• Access controls and authentication mechanisms

Third-Party Services

We use the following third-party services to provide our Service:

• OpenAI: For AI-powered tag and content generation (GPT-4 API)
• AWS Rekognition: For image analysis and tag suggestions
• Google Cloud Natural Language: For text analysis and SEO optimization
• Shopify: For store integration, billing, and API services
• Mailjet: For transactional email communications

Each third-party service has its own privacy policy and data handling practices. We encourage you to review their policies.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

• With Your Consent: When you explicitly authorize us to share information
• Service Providers: With third-party services necessary to operate the App (as listed above)
• Legal Requirements: To comply with laws, regulations, court orders, or legal processes
• Protection of Rights: To protect our rights, property, safety, or that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets

Data Retention

We retain your information for as long as necessary to provide the Service and comply with our legal obligations:

• Active Account Data: Retained while your Shopify store uses our App
• Transaction Records: Retained for 7 years for accounting and tax purposes
• Generated Content: Retained unless you request deletion
• Log Data: Retained for 90 days for operational purposes

Your Rights and Choices

Access and Control

You have the right to:

• Access: Request a copy of the information we hold about your store
• Correction: Request corrections to inaccurate information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a structured, machine-readable format
• Opt-out: Uninstall the App to stop data collection

For European Residents (GDPR)

If you are located in the European Economic Area, you have additional rights under GDPR:

• Right to object to processing
• Right to restrict processing
• Right to lodge a complaint with supervisory authorities

We process your information based on:

• Contract: To fulfill our service agreement with you
• Legitimate Interests: To operate and improve our business
• Legal Obligations: To comply with applicable laws

For California Residents (CCPA)

California residents have specific rights under the California Consumer Privacy Act, including the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information.

Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

• Updating the "Effective Date" at the top of this policy
• Sending an email notification to store administrators
• Displaying a notice in the App dashboard

International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers.