Privacy Policy for b1: Bulk Product SEO Optimizer

Effective Date: July 27, 2025

Last Updated: July 27, 2025

1. Introduction

Welcome to b1: Bulk Product SEO Optimizer ("b1," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.

By installing and using b1: Bulk Product SEO Optimizer, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our application.

2. Information We Collect

2.1 Information Collected from Shopify

When you install our app, we receive certain information from Shopify, including:

• Store Information: Store domain, store name, store email, store phone number, store address
• Product Data: Product titles, descriptions, tags, types, handles, variants, SKUs, and other product-related metadata
• API Access Tokens: Necessary for authenticating requests between our app and your Shopify store

2.2 Information You Provide Directly

• Account Information: Email address and name when creating an account or contacting support
• Usage Data: Information about how you interact with our app, including features used, optimization settings, and preferences
• Support Communications: Any information you provide when contacting our support team

2.3 Automatically Collected Information

• Log Data: IP address, browser type, operating system, referring URLs, and pages visited
• Analytics Data: Performance metrics, error reports, and usage patterns (collected in aggregate)
• Cookies and Similar Technologies: Session cookies for authentication and user preferences

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• To provide and maintain the b1: Bulk Product SEO Optimizer functionality
• To process bulk edits and optimizations to your product data
• To save and manage your optimization templates and preferences
• To provide preview functionality before applying changes

3.2 Service Improvement

• To understand and analyze usage trends and preferences
• To improve our app's features and user experience
• To develop new features and functionality
• To monitor and prevent technical issues

3.3 Communication

• To send important updates about the service
• To respond to your inquiries and support requests
• To send occasional marketing communications (with your consent)

3.4 Legal and Security

• To comply with legal obligations
• To protect against fraudulent or illegal activity
• To enforce our Terms of Service

4. Data Storage and Security

4.1 Data Storage

• Your data is stored on secure servers
• We maintain data centers to ensure optimal performance
• Product data is temporarily cached during bulk operations and deleted after processing

4.2 Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Regular backups and disaster recovery procedures

4.3 Data Retention

• We retain your data only as long as necessary to provide our services
• Optimization history is retained for 90 days for undo functionality
• Account data is retained until you uninstall the app or request deletion
• Logs and analytics data are retained for 12 months

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in:

• Hosting and infrastructure services
• Analytics and performance monitoring
• Customer support tools
• Email communication services

All service providers are contractually obligated to maintain the confidentiality and security of your information.

5.2 Legal Requirements

We may disclose information if required to do so by law or in response to:

• Court orders or legal process
• Requests from law enforcement authorities
• Protection of our rights, property, or safety

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

• Access your personal information stored by our app
• Request a copy of your data in a portable format
• Review your optimization history and settings

6.2 Correction and Update

You can update or correct your information at any time through:

• Your app settings and preferences
• Contacting our support team

6.3 Deletion

You may request deletion of your data by:

• Uninstalling the app from your Shopify store
• Contacting us directly at lukas.knaebel@qlues.com

6.4 Opt-Out

You can opt-out of:

• Marketing communications by clicking "unsubscribe" in any email
• Analytics collection through your app settings
• Certain data processing activities by adjusting your preferences

7. International Data Transfers

If you are accessing our app from outside Germany, please be aware that your information may be transferred to, stored, and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:

• Standard contractual clauses approved by relevant authorities
• Adherence to Privacy Shield principles (where applicable)
• Ensuring recipients provide adequate data protection

8. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

9. Third-Party Links and Services

Our app may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to equal service and price

To exercise these rights, please contact us at lukas.knaebel@qlues.com.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and related data protection laws:

11.1 Your Rights

• Right to be informed: Clear information about how we process your data
• Right of access: Obtain a copy of your personal data we hold
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten"): Request deletion of your data in certain circumstances
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to certain types of processing, including direct marketing
• Rights related to automated decision-making: Not to be subject to purely automated decisions

11.2 Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data:

Performance of Contract (Article 6(1)(b) GDPR)

• Providing the b1 app functionality
• Processing product optimizations
• Managing your account and preferences

Legitimate Interests (Article 6(1)(f) GDPR)

• Improving our services and features
• Ensuring security and preventing fraud
• Analyzing usage patterns (in aggregate)
• Sending service-related communications

Consent (Article 6(1)(a) GDPR)

• Marketing communications
• Optional analytics features
• Beta testing and feature previews

Legal Obligations (Article 6(1)(c) GDPR)

• Complying with tax and accounting requirements
• Responding to lawful requests from authorities

11.3 Data Protection by Design and Default

In accordance with Article 25 GDPR, we implement:

• Privacy considerations in all stages of development
• Default settings that protect your privacy
• Minimal data collection necessary for functionality
• Pseudonymization where possible

11.4 Data Processing Agreements

We maintain appropriate data processing agreements with:

• Shopify (as data controller)
• Our sub-processors (listed in Section 5.1)
• Any third parties handling personal data on our behalf

11.5 International Transfers

For transfers outside the EEA, we ensure adequate protection through:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Appropriate technical and organizational measures

11.6 Data Protection Officer

While we may not be legally required to appoint a DPO, we have designated a privacy contact:

Privacy Contact: lukas.knaebel@qlues.com
Address: Karl-Gruhl-Strasse 45, 14482 Potsdam, Germany

11.7 Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority:

• List of EEA authorities: https://edpb.europa.eu/about-edpb/board/members_en
• UK: Information Commissioner's Office (ICO) - https://ico.org.uk
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

b1: Bulk Product SEO Optimizer
Qlues
Karl-Gruhl-Strasse 45, 14482 Potsdam, Germany
Email: lukas.knaebel@qlues.com
Responsible Person: Lukas Knaebel

For Shopify-specific privacy concerns, you may also contact Shopify directly through their privacy portal.

14. Complaint Rights

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority. For users in the EEA, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

15. Additional European Union Provisions

15.1 ePrivacy Directive Compliance

In accordance with the EU ePrivacy Directive (2002/58/EC) and related national implementations:

• We obtain consent before placing non-essential cookies
• We provide clear information about cookie usage
• We respect "Do Not Track" browser settings where technically feasible
• Electronic communications are sent only with appropriate consent

15.2 Data Breach Notification

In accordance with Article 33 and 34 GDPR:

• We will notify relevant supervisory authorities within 72 hours of becoming aware of a personal data breach (where feasible)
• We will notify affected individuals without undue delay when the breach is likely to result in high risk to their rights and freedoms
• We maintain records of all data breaches and remedial actions taken

15.3 Privacy by Design Implementation

Following Article 25 GDPR principles:

• Data Minimization: We only collect data necessary for specified purposes
• Purpose Limitation: Data is used only for stated, legitimate purposes
• Storage Limitation: Data is kept only as long as necessary
• Integrity and Confidentiality: We ensure appropriate security measures
• Accountability: We maintain documentation of our compliance efforts

15.4 Special Categories of Data

We do not intentionally collect special categories of personal data (Article 9 GDPR), including:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic or biometric data
• Health data
• Data concerning sex life or sexual orientation

15.5 Automated Decision-Making

Our SEO optimization features may involve automated processing, but:

• No decisions with legal or similarly significant effects are made solely by automated means
• You can request human review of any automated optimization suggestions
• You maintain full control over implementing any recommended changes

15.6 Joint Controller Arrangements

For certain processing activities, we may act as:

• Data Processor: When processing data on behalf of your Shopify store
• Independent Controller: For our own business purposes (e.g., service improvement)
• Joint Controller: In limited circumstances with Shopify

15.7 European Representative

Our European Union representative for GDPR matters is:

Lukas Knaebel
Karl-Gruhl-Strasse 45, 14482 Potsdam, Germany
lukas.knaebel@qlues.com

15.8 Member State Specific Requirements

• Germany: We comply with the Federal Data Protection Act (BDSG) including enhanced employee data protections.
• France: We respect CNIL guidelines on cookies and tracking technologies.
• Italy: We follow the Italian Data Protection Authority's provisions on data breach notifications.
• Spain: We comply with LOPDGDD requirements for enhanced transparency.
• Netherlands: We adhere to Dutch implementation of GDPR including specific consent requirements.

15.9 Cross-Border Data Flows within EEA

Data may flow between EEA member states as part of our service provision. All such transfers are conducted in compliance with GDPR's free movement of data principles within the EEA.

Thank you for choosing b1: Bulk Product SEO Optimizer!
We appreciate your trust in Qlues and value your privacy.