Privacy policy

How Citewise uses Shopify merchant data.

This policy explains what data Citewise processes when merchants install and use our Shopify app.

Effective date: June 7, 2026

Citewise is built for merchant AI visibility workflows. We do not need checkout, payment card, order, customer address, or protected customer data to provide the core app.

1. Who we are

Citewise, also referred to as GEO for Shopify in product materials, is a Shopify app that helps merchants understand and improve how AI assistants and search experiences interpret their store.

For privacy questions, contact us at support@citewise.cc.

2. Data we collect from merchants

When a merchant installs or uses Citewise, we may process:

  • Shop domain, Shopify shop ID, app installation status, locale, and billing status.
  • Brand profile settings such as brand name, aliases, competitors, and preferred language.
  • Keywords or prompts that the merchant chooses to track across AI platforms.
  • AI scan results, detected brand mentions, citations, competitors, timestamps, and usage counters.
  • llms.txt drafts, published llms.txt content, regeneration history, and merchant edits.
  • Schema.org configuration such as organization name, logo URL, contact details, and social profile URLs.
  • Page audit inputs, generated recommendations, and copy-ready AI fix suggestions.

3. Data we access from Shopify

Citewise uses Shopify APIs only to provide app functionality. Based on the merchant's enabled features and approved permissions, we may read store information such as products, collections, pages, themes, locales, and app-owned metafields. We may write app-owned metafields, web pixel settings, or billing subscription records when required by the feature the merchant uses.

4. Customer and visitor data

Citewise is not designed to read protected customer data such as customer names, email addresses, phone numbers, shipping addresses, payment details, orders, or checkout contents.

If the merchant enables AI traffic attribution, the app's Shopify web pixel may process limited storefront event data such as an anonymous client or session identifier, page URL, referrer, country or region, device category, and event timestamp. This data is used to help merchants understand AI-referred storefront traffic. It is not used to identify individual shoppers.

5. How we use data

We use merchant and store data to:

  • Run AI visibility scans for merchant-selected keywords.
  • Generate dashboard metrics, recommendations, and content briefs.
  • Generate and publish llms.txt files through Shopify app proxy.
  • Render Schema.org JSON-LD through the theme app extension.
  • Measure plan quotas, billing status, and monthly usage.
  • Provide support, security, debugging, abuse prevention, and service reliability.

6. AI and third-party processors

Citewise may send merchant-provided prompts, public storefront content, product or page metadata, and app-generated context to AI model providers so the app can produce scans, summaries, audits, and recommendations. We avoid sending protected customer data to AI providers.

We also use infrastructure and service providers for hosting, database storage, queues, security, DNS, and app delivery. These may include Shopify, Cloudflare, cloud hosting providers, database providers, and AI model providers.

7. Data sharing

We do not sell merchant or shopper personal data. We share data only with service providers needed to operate Citewise, when a merchant directs us to publish app-generated storefront content, or when required by law, platform rules, security, or fraud prevention.

8. Data retention and deletion

We retain data while the app is installed and as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. After uninstall, we stop processing new Shopify data and delete or anonymize app data within a reasonable period unless retention is required for legal, billing, security, or audit purposes.

Citewise supports Shopify privacy webhooks for customer data requests, customer deletion requests, and shop deletion requests.

9. Security

We use administrative, technical, and organizational safeguards designed to protect app data. These include HTTPS, signed Shopify requests, session validation, access controls, and operational logging. No online service can guarantee absolute security.

10. International processing

Citewise and its processors may process data in countries other than the merchant's country. Where required, we use appropriate safeguards for cross-border processing.

11. Changes to this policy

We may update this policy to reflect product, legal, or operational changes. The effective date above shows when the current version took effect.

12. Contact

Questions or requests can be sent to support@citewise.cc.