Privacy Policy for Trustify: AI Reviews & SEO

Privacy Policy for Trustify: AI Reviews & SEO Last Updated: May 20, 2026

1. Introduction & Commitment to Privacy Welcome to Trustify AI Reviews & SEO ("we", "our", the "App"), an enterprise-grade application developed by Mango Labs. We hold ourselves to the highest global standards of data privacy. This Privacy Policy outlines how we securely collect, process, syndicate, and protect your data when you integrate our App with your Shopify store. By installing the App, you acknowledge and agree to these data practices.

2. Information We Collect To provide our services seamlessly, we access specific, strictly scoped data points from your Shopify environment:

  • Merchant Information: We collect your store name, domain, admin email, and localization settings strictly to provision your dashboard, deliver critical operational updates, and provide specialized technical support.

  • Customer Personally Identifiable Information (PII): We securely process customer names, email addresses, and order history strictly to act as your Data Processor. This data is used solely to trigger and deliver automated review requests on your behalf.

  • Google Integrations (OAuth): If authenticated, we request access to your Google Search Console and Google Analytics 4 accounts.

3. Google API Services User Data Policy Compliance Trustify relies on Google’s Application Programming Interface (API) Services to deliver advanced "Google Telemetry" and "SEO Radar" analytics. We disclose the following regarding how our application accesses, uses, stores, and shares Google user data:

  • Read-Only Access: We request strictly read-only scopes (analytics.readonly and webmasters.readonly). This data is exclusively used to visualize performance metrics and organic traffic within your isolated Shopify dashboard. Specifically, this data powers the "SEO Radar" dashboard, the "CTR Optimization Engine" for snippet analysis, and our "Keyword Performance" analytics tool. For our Keyword Discovery feature, we access the Search Console v1 API to read exclusively the search queries and pages that already index on your specific domain. This read-only access is processed to generate internal performance reports.

  • No Data Brokerage: We do not write, modify, or manipulate your Google configurations. Your Google data is never sold, rented, or transferred to third-party advertising networks or data brokers.

  • Limited Use Adherence: Trustify's use and transfer to any other app of information received from Google APIs will strictly adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Review Syndication & Public Data As an application designed to optimize search engine visibility, we distinguish between private PII and public review content. When your customers submit a product review, the content of the review, the assigned rating, and the display name (e.g., "John D.") are considered public data. We use this public data to generate SEO-rich snippets and may syndicate this review content to search engines (including Google Seller Ratings and Google Shopping) to enhance your store's organic reach, provided you have enabled these features.

5. Artificial Intelligence Data Processing & SEO Optimization Trustify employs Artificial Intelligence to synthesize review summaries and generate SEO enhancements. We maintain a strict boundary for AI processing:

  • SEO Optimization & Suggestions: We analyze your Google Search Console and GA4 data to provide actionable insights, such as high-potential keyword identification, meta-tag improvements, and strategic content suggestions aimed at increasing your organic Click-Through Rate (CTR) and conversion rates. Specifically, for generating suggested SEO Keywords, our AI engine analyzes your product metadata (title, description, and average rating) to infer optimized keywords. This process is entirely generative; we do not perform web scraping, nor do we consult external search volume APIs or third-party data brokers.

  • Zero-PII Training: Customer emails, order details, and private merchant data are never used to train public or external AI foundational models. AI is utilized strictly as a secure processing layer to analyze public review text and authorized Google metrics to generate insights.

6. Mechanisms for Protecting Sensitive Data We implement enterprise-grade security protocols to protect all personal information and provide explicit mechanisms for protecting sensitive data, including data obtained through Google APIs:

  • Encryption In Transit & At Rest: All sensitive information and Google user data is securely transmitted using strict SSL/TLS encryption (HTTPS). Furthermore, all sensitive data and authentication tokens are encrypted at rest within our secure cloud databases.

  • Restricted Access Control: Access to our databases is strictly governed by the Principle of Least Privilege. Only authorized core infrastructure has access to authentication tokens and analytics data. We actively monitor and restrict unauthorized physical or digital access.

  • No Data Brokerage / Sub-processor Security: Data is processed exclusively for the operational functionality of the App (e.g., populating your isolated dashboard). We do not share, sell, rent, or transfer personal or sensitive data to third-party advertising networks, data brokers, or unauthorized entities under any circumstances. We only utilize vetted sub-processors (cloud infrastructure providers) bound by strict Data Processing Agreements (DPAs).

7. Data Subject Rights (GDPR, CCPA & Global Privacy Laws) We fully support your compliance with global privacy frameworks (including GDPR and CCPA).

  • Right to Erasure: If a customer requests the deletion of their personal data via your Shopify storefront, we automatically intercept Shopify's mandatory data-erasure webhooks and permanently purge the associated PII from our databases within the legally required timeframe.

  • Direct Requests: Merchants or customers may also initiate data access or deletion requests directly via our privacy team.

8. Contact Our Privacy Team For data deletion requests, GDPR/CCPA inquiries, or questions regarding this policy, please contact our compliance team at: support@mangolabs.icu

9. Data Retention Policy We do not store your data indefinitely. We adhere to strict data minimization principles. PII and OAuth tokens are retained only for as long as your Shopify store maintains an active subscription to our App. Upon uninstallation of the App, we automatically initiate a secure data purge protocol, deleting your store's sensitive configuration and customer PII from our active databases within 30 days, in compliance with Shopify’s mandatory data-erasure requirements. Aggregated, anonymized data may be retained solely for statistical and system improvement purposes.

10. International Data Transfers Our App is operated globally. If you are accessing our App from the European Economic Area (EEA), the UK, or other regions with comprehensive data protection laws, your data may be transferred to, stored, and processed in the United States or other jurisdictions. We safeguard these international transfers by implementing robust legal mechanisms, including Standard Contractual Clauses (SCCs) and strict Data Processing Agreements with our sub-processors, ensuring your data receives an adequate level of protection regardless of where it is hosted.

11. Incident Response & Data Breach Notification While we implement enterprise-grade security, no system is completely impenetrable. In the unlikely event of a verified security breach that compromises the confidentiality of Merchant, Customer PII, or sensitive Google user data, Mango Labs is committed to a rapid response protocol. We will notify affected merchants via the administrative email on file without undue delay (and strictly within the timeframes mandated by applicable laws such as GDPR/CCPA), detailing the nature of the breach, the data involved, and the mitigation steps taken.

12. Children's Privacy (COPPA Compliance) Our App is exclusively designed for business-to-business (B2B) use by Shopify merchants. It is not intended for, nor do we knowingly collect or solicit personal information from, children under the age of 13 (or the applicable age of consent in your jurisdiction). If we learn that we have inadvertently collected personal information from a child without verified parental consent, we will take immediate steps to permanently delete that information.