Privacy Policy

Effective Date: April 6, 2026

Last Updated: April 6, 2026

1. Introduction

InstaFAQ ("we," "our," or "us") is an application designed to help merchants easily create, manage, and display FAQ sections on their online storefronts. The app offers AI-powered FAQ generation and enhancement, multi-language translation, customizable display widgets, category organization, and performance analytics.

This Privacy Policy describes how we collect, use, store, and protect information when you install and use InstaFAQ through the Shopify App Store. By installing the app, you agree to the practices described in this policy.

2. Information We Collect

2.1 Store & Account Information

  • Shopify Store Domain: Collected during installation and used to identify your store throughout all app operations.
  • Shopify Access Token: Issued by Shopify upon installation; used exclusively to authenticate API requests on your behalf. Stored securely and never exposed to third parties beyond what Shopify's platform requires.
  • Merchant Contact Details: Name and email address as provided through Shopify, used for support and service communications.

2.2 Content You Create

  • FAQ Content: Questions, answers, and rich-text formatting you author or import into the app.
  • Categories: Category names and ordering configurations you create to organize FAQs.
  • Translated Content: FAQ translations in languages you activate; including AI-generated translations and any manual edits you apply.
  • Widget Settings: Display preferences, styling configurations, and placement settings for your storefront FAQ widget.

2.3 Usage & Performance Data

  • Feature Usage Logs: Actions performed within the app such as FAQ creation, AI generation requests, translation triggers, exports, and widget configuration changes.
  • AI Credit Activity: Records of AI credit consumption per action (generation, enhancement, translation) and credit purchase history.
  • Error & Performance Logs: System error logs, API response times, and health metrics used to maintain app reliability.
  • Browser & Device Information: Browser type, operating system, and IP address when accessing the app admin panel within Shopify.

2.4 Storefront Analytics

  • FAQ View Counts: Aggregated, anonymized counts of how many times each FAQ is viewed on your public storefront.
  • No Visitor PII: We do not collect, store, or process any personally identifiable information about your store's end customers or visitors.

3. How We Use Your Information

3.1 Core App Functionality

  • Store and serve FAQ content on your Shopify storefront via the app widget and storefront proxy.
  • Manage FAQ categories, ordering, and publishing state.
  • Generate, enhance, and suggest FAQ content using AI (requires and deducts AI credits).
  • Translate FAQ content into multiple languages via AI-powered translation.
  • Enable export of FAQ data in supported formats.
  • Enforce plan-based limits (e.g., maximum FAQ count, language count) according to your active subscription tier.

3.2 Analytics & Insights

  • Display dashboard statistics including total FAQs, storefront view counts, active languages, and top-performing FAQs.
  • Provide trend data (7-day / 30-day) to help you understand how shoppers engage with your FAQ content.

3.3 Service Operations & Improvement

  • Diagnose and fix technical issues, errors, and performance bottlenecks.
  • Monitor system health and ensure uptime of the app and storefront widget.
  • Develop and test new features and improvements.

3.4 Communications

  • Respond to merchant support requests and technical queries.
  • Send transactional notifications related to your subscription, AI credit balance, or important service changes.
  • Notify you of material updates to this Privacy Policy.

4. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information to any third party.

4.1 Service Providers

We share limited data with trusted providers who help us operate the app:

  • Shopify: Store authentication and session management as required by Shopify's platform.
  • AI Service Providers: FAQ content you submit for AI generation, enhancement, or translation is transmitted to our AI provider for processing. Content is processed transiently and not retained by the provider beyond the scope of the request.
  • Cloud Infrastructure Providers: App backend, database, and file hosting services used to run InstaFAQ.
  • Customer Support Tools: Platforms used to manage and respond to merchant support tickets.

All third-party providers are bound by data processing agreements that restrict use of your data to service delivery purposes only.

4.2 Legal Obligations

We may disclose information when required to:

  • Comply with applicable law, regulations, or legal process (e.g., court orders, subpoenas).
  • Respond to lawful requests from government or regulatory authorities.
  • Protect the rights, property, or safety of InstaFAQ, our users, or the public.

4.3 Business Transfers

If InstaFAQ undergoes a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify affected merchants in advance of any such transfer.

5. Data Security

5.1 Security Measures

We apply industry-standard safeguards to protect your data, including:

  • Encryption of all data in transit via HTTPS/TLS.
  • Encryption of sensitive data at rest.
  • Access controls ensuring only authorized personnel can access production systems.
  • API authentication using Shopify-issued session tokens, validated on every request.
  • Regular security reviews and dependency audits.

5.2 Data Retention

  • FAQ Content & Settings: Retained for as long as the app is installed on your store.
  • Analytics & Usage Logs: Retained on a rolling 90-day basis.
  • AI Credit Logs: Retained for the lifetime of your active subscription.
  • Post-Uninstallation: All store-associated data is permanently deleted within 30 days of app uninstallation, triggered by Shopify's app/uninstalled webhook.
  • Legal Hold: Data may be retained beyond the above periods if required to comply with applicable law.

6. Your Rights & Choices

6.1 Data Access & Control

As a merchant using InstaFAQ, you have the right to:

  • Access the FAQ content and settings stored for your store at any time through the app.
  • Export your FAQ data using the built-in export feature.
  • Request correction or deletion of your data by contacting our support team.
  • Request a copy of personal data we hold about you.

6.2 Managing Your Data In-App

  • Edit, reorder, publish, or delete any FAQ or category from the FAQ Manager.
  • Enable or disable languages and manage translations in the Translation settings.
  • Update widget appearance and placement in Widget Settings.

6.3 Uninstallation

  • Uninstalling the app from your Shopify admin immediately removes the storefront widget and initiates data deletion from our systems within 30 days.
  • You may contact us to request expedited deletion.

7. Storefront Visitors

The InstaFAQ widget is rendered on your public storefront through a Shopify storefront proxy. When your store's customers interact with the FAQ widget:

  • We record only an anonymized increment to the view counter for each FAQ item.
  • No names, emails, IP addresses, or any other personally identifiable information belonging to your store visitors is collected, transmitted to, or stored by InstaFAQ.
  • No tracking cookies or fingerprinting scripts are placed on your storefront by this app.

8. International Data Transfers

InstaFAQ is operated from India. Your data may be processed by cloud infrastructure or service providers located in other countries. Where such transfers occur, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) as approved by relevant data protection authorities.
  • Data processing agreements with all sub-processors establishing equivalent protection standards.
  • Compliance with applicable cross-border data transfer regulations including GDPR Chapter V requirements.

9. Children's Privacy

InstaFAQ is a business tool designed exclusively for Shopify merchants and is not directed at individuals under the age of 13. We do not knowingly collect personal data from children. If we become aware that such data has been collected, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When material changes are made, we will:

  • Post the updated policy at this URL with a revised "Last Updated" date.
  • Display an in-app notice within the Shopify admin panel.
  • Where required by law, obtain your consent before applying changes.

Continued use of the app following the effective date of any update constitutes acceptance of the revised policy.

11. Compliance

This Privacy Policy is designed to comply with applicable data protection laws and platform requirements, including:

  • GDPR — General Data Protection Regulation (EU/EEA)
  • CCPA — California Consumer Privacy Act (USA)
  • PIPEDA — Personal Information Protection and Electronic Documents Act (Canada)
  • PDPB — India's Personal Data Protection framework
  • Shopify Partner Program Requirements — including data minimization, webhook-triggered deletion, and transparent disclosure obligations

GDPR Legal Bases for Processing

  • Contract Performance: Processing necessary to deliver the app services you have subscribed to.
  • Legitimate Interest: Service improvement, error monitoring, and security.
  • Consent: AI processing of your FAQ content for generation and translation.
  • Legal Obligation: Where retention or disclosure is required by law.

CCPA Data Categories Collected

  • Identifiers: Store domain, account email address.
  • Commercial Information: Subscription plan, AI credit purchases and balances.
  • Internet Activity: App feature usage, FAQ view analytics.
  • Professional Information: Business name and merchant contact details.