Privacy Policy

Last updated 6/16/2026

What PASSIM collects

To operate, PASSIM stores: your account email, the URL of the Shopify store you connect, metadata about the articles we generate (titles, word count, publish status), and OAuth tokens needed to publish to Shopify and submit URLs to Google Search Console.

We do not collect Shopify customer PII. We read blog content and shop metadata only — never order, checkout, or customer records.

How we use it

Exclusively to operate PASSIM for you: generating articles that match your brand, publishing them to your blog, and reporting indexing status. We do not sell data. We do not use your content to train third-party models.

Subprocessors

Supabase (Postgres + auth hosting)
Vercel (application hosting)
Anthropic (Claude API for content generation)
Google (Search Console + Indexing APIs, for your site only)
Shopify (Admin API, for the shops you connect)
Stripe (billing)
Resend (transactional email)

Google API Services

PASSIM uses Google APIs (Search Console, Indexing) to provide service to customers who explicitly connect their Google accounts. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer Google user data to third parties, do not use it for advertising, and do not allow humans to read it except (a) as necessary for security or to comply with applicable law, or (b) with the connected user's explicit consent.

We request only the minimum scopes needed: webmasters.readonly (read-only Search Console performance data) and indexing (submit PASSIM-published article URLs for indexing on the customer's verified property). PASSIM never modifies Search Console settings, sitemaps, or properties, and never submits URLs that PASSIM did not itself publish.

Storage & encryption

Data lives in Supabase Postgres (AWS us-east). OAuth tokens are stored in the database and access is restricted to the PASSIM service role key. We do not store payment card details — Stripe handles those directly.

Deletion

Uninstall the PASSIM Shopify app and we immediately invalidate and remove your access token. Request full account deletion by emailing hello@usepassim.co — we remove your sites, keywords, articles, and tokens within 30 days. Shopify's shop-redact webhook triggers the same cascade 48 hours after uninstall.

Contact

Questions, or to exercise rights under GDPR / CCPA: hello@usepassim.co.