Safora — Privacy Policy

Effective date: [fill at launch]

1. Who we are

Safora is a Shopify application operated by [SRL legal name once formed] ("we", "us"). We are based in Romania and act as a data controller for the limited data described below, and as a data processor for product data we read on your instructions through the Shopify Admin API.

For questions, e-mail safora@tandor.eu.

2. What data we process

a) Data we collect when you install the app

Shop domain (e.g. your-store.myshopify.com)
Shopify access token (encrypted)
Session metadata (locale, scope grants, timestamps)

We never receive the store owner's password, payment method, or banking information.

b) Data we read from your store

Through the Shopify Admin API, Safora reads:

Product titles, descriptions, product types, and featured images
Product metafields under the gpsr namespace
Subscription status (for plan gating)

Safora does not read or request customer data, order information, or payment information. The Shopify scopes Safora requests reflect this: write_products only.

c) Data we send to third-party AI providers

When you use the AI auto-fill feature, the following is sent to Anthropic, PBC:

Product title
Product type
Plain-text product description (HTML stripped)

Personal data is never sent to the AI. See Anthropic's policies at anthropic.com/legal/privacy.

d) Data we write to your store

When you save GPSR fields, Safora writes them as product metafields in your store, under the gpsr namespace. This data is yours and lives in your Shopify store — we do not maintain a separate copy.

3. Legal basis for processing (GDPR)

Contract performance — to provide the App's functionality
Legitimate interest — to maintain App security, prevent abuse, and improve service quality

We do not process special-category personal data and do not engage in automated decision-making with legal effect on data subjects.

4. Sub-processors

Sub-processor	Purpose	Location
Shopify	Hosting our API session, billing	Canada / Ireland
Anthropic	AI auto-fill	United States
Fly.io	App backend hosting	Frankfurt, EU

5. International transfers

Anthropic is based in the United States. Product title + description data sent to Anthropic is transferred under the EU Standard Contractual Clauses incorporated into our sub-processor agreement.

6. Data retention

Data	Retention
Shop session record	Until uninstall, then deleted within 48h
GPSR metafields	Stored in your Shopify store; we keep no separate copy
AI request logs	Up to 30 days for debugging, then purged
Billing records	As required by Shopify and Romanian tax law (typically 10 years)

7. Your rights (GDPR)

You can:

Access the data we hold
Rectify inaccurate data
Erase your data (uninstall)
Object to processing
Lodge a complaint with the Romanian Data Protection Authority (ANSPDCP — dataprotection.ro)

To exercise these rights, e-mail safora@tandor.eu. We respond within 30 days.

8. Security

TLS 1.2+ for all data in transit
Access tokens encrypted at rest
Production access restricted to authorized personnel only
No customer PII ever stored or processed

For security incidents, contact safora@tandor.eu.

9. Children's data

Safora is a B2B tool. We do not knowingly collect data from anyone under 16.

10. GDPR webhooks (Shopify mandatory)

customers/data_request — responds immediately with no content (Safora stores no customer data)
customers/redact — responds immediately with no content
shop/redact — deletes the session record and all shop-tied data

11. Changes

We may update this Privacy Policy. Material changes will be announced with 30 days' notice.

12. Contact

[Legal entity once SRL formed]
E-mail: safora@tandor.eu
Romanian DPA: dataprotection.ro