Privacy Policy
Evolut SEO app
1. Introduction
This Privacy Policy explains how Evolut-SEO (“we”, “us”, “our”, or “the App”) collects, uses, protects, and shares personal information when you use our Shopify application. Evolut-SEO provides tools for SEO management, structured data generation, local business configuration, instructional schemas, and product review integration for Shopify stores.
We are committed to transparency and responsible data handling. This policy outlines what data we collect, how we use it, and the rights you have regarding your data.
2. Data We Collect
2.1 Shopify Store Data
When you install Evolut-SEO, we collect and access:
Store ID, domain name, and store name
Store owner email address
Address, city, postal code, country
Store phone number and description
Currency and timezone
Product information (titles, descriptions, images, SKUs, prices, availability)
Product variants and inventory
Product categories, tags, and collections
Customer reviews and ratings
2.2 Google OAuth & Search Console Data
When you connect your Google account:
OAuth 2.0 access and refresh tokens
Verified domain information from Google Search Console
Search analytics (queries, CTR, impressions, average position)
Google site verification tokens
Google Account ID and email
2.3 Structured Data & SEO Configuration
Schema.org settings (Organization, Product, WebPage, BreadcrumbList, LocalBusiness, HowTo)
Local business settings (type, opening hours, address, phone, social media links)
HowTo instruction data (steps, tools, supplies, images)
Business metadata and custom fields
Google verification metadata
2.4 Subscription & Billing Data
Subscription plan and status
Subscription ID and creation date
Billing cycles and renewal dates
Payment method information (processed via Stripe)
Stripe customer and subscription IDs
2.5 Third-Party Integration Data
Judge.me review content, ratings, reviewer names and dates
Judge.me API tokens
Shopify installation tokens
2.6 Session & Authentication Data
Session tokens and IDs
Authentication cookies
Device and browser information
IP address (security)
2.7 Diagnostics & Analytics Data
App usage statistics
Error logs and performance metrics
Request logs
Feature configuration choices
3. How We Use Your Data
3.1 App Functionality
We use your data to:
Generate and publish Schema.org structured data
Retrieve Google Search Console metrics
Configure LocalBusiness structured data
Build HowTo instructional schemas
Display product review ratings
Create site verification meta tags
Manage breadcrumb structured data
3.2 Subscription & Billing
Process billing via Shopify and Stripe
Manage subscription renewals, cancellations, refunds
Issue receipts and billing confirmations
3.3 Authentication & Authorization
Authenticate users via OAuth 2.0
Maintain secure sessions
Authorize access to Shopify and Google APIs
3.4 Service Improvement
Monitor performance and reliability
Debug and fix issues
Improve user experience and interface
Conduct security audits
3.5 Legal Compliance
Process GDPR access and erasure requests
Fulfill Shopify GDPR webhook obligations
Maintain audit logs
3.6 Security & Fraud Prevention
Prevent unauthorized access
Detect suspicious activity
Enforce Terms of Service
4. How We Share Your Data
4.1 Essential Service Providers
Your data may be shared with:
Shopify
– Access to store and product data
– Subscription and billing management
Google
– OAuth authentication
– Search Console analytics retrieval
Judge.me
– Review data integration
Stripe
– Secure payment processing
– Subscription management
4.2 Hosting & Infrastructure
Evolut-SEO is hosted on Gadget (Google Cloud Platform):
Secure backend infrastructure
Encrypted database storage
Enterprise-grade security controls
4.3 No Selling of Data
We do not:
sell personal data
share data for advertising
use data for targeted marketing
4.4 Legal Requirements
We may disclose your data if required to:
Comply with court orders or legal processes
Respond to government or regulatory requests
Protect our legal rights and users
5. Data Security
5.1 Encryption
TLS 1.2+ for all data transmission
Sensitive data encrypted at rest
Stripe handles all PCI-compliant payment processing
5.2 Access Controls
Role-based access restrictions
Logged administrative access
Authentication required for all API interactions
5.3 Infrastructure Protection
Regular security updates
DDoS protection and intrusion detection
Physical data center security
5.4 Audits & Testing
Security assessments
Code reviews and vulnerability scanning
Compliance checks
5.5 Incident Response
Documented breach response plan
User notification procedures
Backup restoration and disaster recovery
6. Data Retention
6.1 Active Users
Data is retained while your subscription is active.
Search Console analytics: 12 months.
6.2 Uninstallation
After uninstalling Evolut-SEO:
Data is kept for 30 days for potential reactivation
Permanently deleted after 30 days
Backup data removed within 90 days
6.3 Retention Schedule
Session data: 6 months
Logs: 90 days
Backups: 30–90 days
Audit logs: 12 months
Stripe billing data: 7 years (required by law)
6.4 Legal Holds
We may retain data longer to comply with:
Ongoing investigations
Tax or accounting requirements
Court orders
7. Your Rights
7.1 GDPR (EU Residents)
You have the right to:
Access your data
Correct inaccurate data
Request deletion (“right to be forgotten”)
Restrict processing
Receive your data in a portable format
Object to processing
Avoid automated decision-making
7.2 CCPA (California Residents)
You have the right to:
Know what personal information is collected
Request deletion
Know whether data is sold or disclosed
Opt-out of data sale (we do not sell data)
Non-discrimination for exercising your rights
7.3 Submitting Requests
You can request your rights via:
Your Shopify admin privacy tools
Contacting us using the details in Section 14
We respond within 30 days.
8. Cookies & Tracking
8.1 Types of Cookies
Session cookies (authentication)
Preference cookies (settings)
Security cookies (fraud prevention)
8.2 Third-Party Cookies
Used by: Shopify, Google, Stripe.
8.3 Analytics
We use anonymized analytics to improve performance.
You may disable cookies, but some features may not function.
9. Shopify Requirements
9.1 API Compliance
We comply with Shopify API Terms of Service and request only necessary permissions.
9.2 App Installation
You can uninstall Evolut-SEO at any time.
All store data access is immediately revoked.
9.3 GDPR Webhooks
We automatically process:
customers/data_request
customers/redact
shop/redact
9.4 Data Processing Agreement
Available for merchants who require a DPA.
Contact us to request it.
10. Third-Party Links
Our App may contain external links.
We are not responsible for the privacy practices of those websites.
11. Children’s Privacy
Evolut-SEO is not intended for children under 13.
We do not knowingly collect children’s data; if discovered, it will be deleted immediately.
12. International Data Transfers
We rely on:
EU–US Data Privacy Framework
Standard Contractual Clauses (SCCs)
Data may be processed in various jurisdictions, including the EU and US.
13. Changes to This Policy
13.1 Updates
We may update this policy periodically.
Major changes will be announced in advance.
13.2 Notification
Significant updates will be communicated via email or in-app notifications.
Continued use of the App after changes means acceptance.
14. Contact Information
Evolut
Email: dev@evolut.nl
Website: www.evolut.nl
Address: Regulusweg 11, 2516AC, Den Haag
Response Time: Within 30 days
14.2 Regulatory Authorities
You may contact:
EU: Your local Data Protection Authority
UK: Information Commissioner’s Office (ICO)
US: Federal Trade Commission (FTC)
California: Attorney General
14.3 GDPR Representative
Available upon request.
15. Definitions
Personal Data: Information identifying an individual
Processing: Any operation performed on personal data
Controller: Entity that determines processing purposes and methods
Processor: Entity that processes data on behalf of the controller
Data Subject: Person whose data is processed