Back to Home

Privacy Policy

Last updated: January 2025

Introduction

Shopify Pagespeed Optimizer ("we," "our," or "us") operates as a Shopify application. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information when you use our application.

1. What Data We Collect

When you install and use Shopify Pagespeed Optimizer, we collect the following information:

Account Information

  • Your Shopify store domain
  • Your store name
  • Your email address (from Clerk authentication)

OAuth Credentials

  • Shopify access token (used to authenticate API requests)
  • Granted OAuth scopes (read_themes, read_products, read_content)

Performance Audit Data

  • Lighthouse audit results from your store's homepage
  • Performance metrics (scores, Core Web Vitals)
  • Full Lighthouse JSON report (used for AI analysis)

AI-Generated Data

  • Recommendations generated by Claude AI
  • Categories and impact levels assigned to recommendations

2. How We Use Your Data

We use the information we collect for the following purposes:

  • Running Lighthouse Audits: We use your store domain and access token to execute performance audits on your store's homepage
  • Generating Recommendations: We send your Lighthouse audit results to Claude AI to generate optimization recommendations
  • Displaying Results: We store and display audit results and recommendations in your dashboard
  • Improving the Service: We may use aggregated, anonymized data to improve app performance and features
  • Customer Support: We may use your information to respond to support requests

3. Data Storage & Security

Storage Location: Your data is stored in a PostgreSQL database hosted on Neon (serverless PostgreSQL).

Current Security: For our MVP (Minimum Viable Product), Shopify access tokens are stored in plaintext. This is a known limitation we plan to address in version 1.1 with full encryption.

Access Control:

  • All data access is authenticated through Clerk
  • You can only access your own store's data
  • Only you (the authenticated user) can trigger audits or view results

Planned Improvements: In version 1.1, we will implement token encryption at rest and enhanced security measures.

4. Data Sharing

We do not sell, rent, or trade your personal information. However, we share data with the following third parties to provide our service:

Shopify

We use your access token to authenticate requests to the Shopify API

Google PageSpeed Insights

We send your store URL to Google's PageSpeed Insights API to run Lighthouse audits

Anthropic (Claude AI)

We send your Lighthouse audit results to Claude AI to generate recommendations. We only send essential metrics, not sensitive business information

Clerk (Authentication)

We use Clerk to manage user authentication and store your email address

5. Data Retention

While Your Store is Connected: We retain all audit results and recommendations while your store remains connected to the app.

After Disconnection: When you disconnect your store, we:

  • Create a snapshot of your audit history for reference
  • Delete your Shopify access token immediately
  • Archive your audit data for 30 days
  • Permanently delete all data after 30 days

User Account Deletion: If you delete your Shopify Pagespeed Optimizer account through Clerk, all associated data is permanently deleted.

6. Your Privacy Rights

You have the following rights regarding your data:

  • Access: You can view all your data through the dashboard
  • Deletion: You can disconnect your store and delete all associated data at any time
  • Portability: You can export your audit results
  • Support Requests: You can request information about your data or request deletion by emailing support@taskon-ai.com

7. AI and Claude Processing

When we generate recommendations using Claude AI:

  • We send only essential Lighthouse metrics (no sensitive business data)
  • Claude processes the data to generate recommendations
  • Recommendations are stored in our database
  • We do not send personal information (email, store details) to Claude

For Anthropic's privacy practices, see Anthropic's Privacy Policy

8. Compliance & Legal

GDPR & CCPA: We are committed to complying with data protection regulations including GDPR (EU) and CCPA (California). If you have privacy rights requests, please contact us.

Shopify App Requirements: We follow Shopify's App Privacy Policy requirements and guidelines for handling merchant data.

9. Security Measures

We implement the following security practices:

  • HTTPS encryption for all data in transit
  • Secure OAuth implementation with CSRF protection
  • HMAC signature verification for request authenticity
  • Access control through Clerk authentication
  • Database access limited to authenticated users
  • No unauthorized API access or data sharing

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: support@taskon-ai.com

Response Time: We aim to respond within 24-48 hours

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date at the top of this page. Your continued use of the service after changes constitutes your acceptance of the updated policy.

Terms of ServiceSupportHome