Simple Product Feeds

Privacy Policy

Effective date: 2026-04-28 · Last updated: 2026-04-28

1. Who we are

Simple Product Feeds (the "Service", "app", "we", "us", "our") is a Shopify app operated by Simple Product Feeds, LLC (1383 Haddon Road, Columbus, OH 43209). The Service syncs Shopify product catalogs into product feeds for advertising channels including Google Merchant Center, Meta, Microsoft Advertising, and Pinterest.

This policy explains what data we collect from Shopify merchants who install our app, how we use it, who we share it with, and what rights you have under applicable privacy laws including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data we collect

When you install Simple Product Feeds, we receive the following data via Shopify's Admin API, scoped to the permissions you grant at installation:

Shop information

  • Shop ID, Shopify domain (e.g., your-store.myshopify.com), shop name, and primary locale
  • Shop subscription plan and billing status (via Shopify Billing API)

Product catalog data

  • Products and variants, including titles, descriptions, prices, SKUs, images, vendor, product type, tags
  • Inventory levels (via the read_inventory scope)
  • Translated product content where merchants enable language feeds (via the read_translations and read_locales scopes)
  • Custom metafields you choose to include in your feed

Configuration you provide

  • Feed configuration: rules, column mappings, settings, and channel selections you create inside the app
  • Connected channel credentials (e.g., Google Merchant Center OAuth tokens) for channels you choose to connect
  • Support communications you send through the in-app Support tab

Operational metadata

  • API request logs (timestamps, paths, response codes) for debugging and rate limiting
  • API key usage data when you generate developer keys: request count, last-used timestamp, last-used IP address

3. Data we do NOT collect

  • Customer personal data. We do not access your customers' names, addresses, emails, order history, or any other customer-level information. The app does not request the read_customers or read_orders Shopify scopes.
  • Payment card data. All billing is handled by Shopify's Billing API. We never see card numbers, CVV codes, or bank account details.
  • Shopify staff personal data. Beyond the shop owner email already exposed by Shopify on app install, we do not collect personal information about your staff.

4. How we use your data

  • Generate product feeds and serve them to your connected advertising channels
  • Apply transformation rules and column mappings you configure
  • Categorize products against the Google product taxonomy via AI categorization (when you opt in)
  • Provide support when you contact us
  • Operate the Service (logging, error monitoring, rate limiting)
  • Bill subscriptions and manage plan changes (via Shopify Billing)
  • Improve the Service in aggregate (we do not train AI models on your individual product data)

5. Sub-processors and third parties

We rely on the following third-party processors. Each processes data only as necessary to provide their service to us, under contractual data processing terms:

  • Shopify, Inc. — origin of merchant and product data; billing
  • Heroku (Salesforce, Inc.) — application hosting
  • Amazon Web Services, Inc. (AWS S3) — feed file storage
  • Anthropic, PBC — AI categorization (when enabled)
  • Google LLC — Merchant Center sync (only for shops that connect Google as a channel)
  • Meta Platforms, Inc. — Meta catalog sync (only for shops that connect Meta as a channel)
  • Microsoft Corporation — Microsoft Advertising sync (only for shops that connect Microsoft)
  • Pinterest, Inc. — Pinterest catalog sync (only for shops that connect Pinterest)
  • Papertrail (SolarWinds Worldwide, LLC) — log aggregation

We do not sell your data to third parties. We do not share data with advertisers, data brokers, or marketing networks beyond the channels you explicitly connect.

6. Data retention

We retain your shop and product data for as long as the app is installed on your shop, plus 90 days after uninstallation. After 90 days, your data is permanently deleted, except where we are required to retain it longer for legal, audit, or regulatory reasons (for example, billing records).

When you uninstall the app, Shopify automatically sends us a shop/redact webhook. We honor that webhook by initiating deletion of your shop's data on the schedule above.

Support tickets and communications are retained for up to two years after the last interaction, then deleted.

7. Your rights under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under GDPR:

  • Right of access — request a copy of personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your data
  • Right to restrict processing — limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to lodge a complaint with your local data protection authority

To exercise any of these rights, contact support@simpleproductfeeds.com. We will respond within 30 days. Note: most data the Service holds belongs to shops (your business), not to individual data subjects. Customer-level personal data is not in scope because we don't collect it.

As a Shopify Partner, we also honor the customers/data_request, customers/redact, and shop/redact compliance webhooks Shopify sends on behalf of merchants and their customers.

8. Your rights under CCPA (California)

If you are a California resident, the California Consumer Privacy Act gives you the right to:

  • Know what categories of personal information we collect and how we use it (this section explains that)
  • Request deletion of personal information we hold about you
  • Opt out of the sale of personal information — we do not sell personal information
  • Be free from discrimination for exercising your privacy rights

To exercise these rights, email support@simpleproductfeeds.com.

9. Security

We protect your data with reasonable and appropriate technical and organizational measures:

  • Encryption in transit — all traffic uses TLS 1.2 or later
  • Encryption at rest — database and S3 storage encrypted using AES-256
  • Scoped API access — Shopify access tokens are stored encrypted; merchant API keys are stored hashed
  • Access controls — production systems are accessible only to authorized personnel using multi-factor authentication
  • Audit logging — administrative actions are logged and reviewed

No system is completely secure. If you believe your data has been compromised, contact us immediately at support@simpleproductfeeds.com.

10. International data transfers

Our servers are operated by Heroku in the United States. If you are located outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms where required by GDPR.

11. Children's data

The Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from minors. If you believe we have collected such data, contact us at support@simpleproductfeeds.com and we will delete it.

12. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated to active merchants via email or in-app notification at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after a policy update constitutes acceptance of the revised terms.

13. Governing law

This privacy policy is governed by the laws of Ohio, without regard to conflict-of-law principles.

14. Contact us

For privacy questions, data-rights requests, or to report a concern: