Privacy Policy

What PASSIM collects

To operate, PASSIM stores: your account email, the URL of the Shopify store you connect, metadata about the articles we generate (titles, word count, publish status), and OAuth tokens needed to publish to Shopify and submit URLs to Google Search Console.

We do not collect Shopify customer PII. We read blog content and shop metadata only — never order, checkout, or customer records.

How we use it

Exclusively to operate PASSIM for you: generating articles that match your brand, publishing them to your blog, and reporting indexing status. We do not sell data. We do not use your content to train third-party models.

Subprocessors

• Supabase (Postgres + auth hosting)
• Vercel (application hosting)
• Anthropic (Claude API for content generation)
• Google (Search Console + Indexing APIs, for your site only)
• Shopify (Admin API, for the shops you connect)
• Stripe (billing)
• Resend (transactional email)

Storage & encryption

Data lives in Supabase Postgres (AWS us-east). OAuth tokens are stored in the database and access is restricted to the PASSIM service role key. We do not store payment card details — Stripe handles those directly.

Deletion

Uninstall the PASSIM Shopify app and we immediately invalidate and remove your access token. Request full account deletion by emailing hello@passim.app — we remove your sites, keywords, articles, and tokens within 30 days. Shopify's shop-redact webhook triggers the same cascade 48 hours after uninstall.

Contact

Questions, or to exercise rights under GDPR / CCPA: hello@passim.app.