Curated For You

Privacy Policy

Curated For You and its subsidiary and affiliate companies and/or identities (collectively, “Curated For You” “we,” “us” or “our”) recognize the importance of protecting the information collected from users in the operation of its services, and take reasonable steps to maintain the security, integrity and privacy of any information in accordance with this Privacy Policy. By submitting your information to Curated For You you consent to the practices described in this policy. If you are less than 18 years of age, then you must first seek the consent of your parent or guardian prior to submitting any personal information.

Curated For You will seek to ensure that any identifiable personal information it collects during the registration and purchasing processes will be adequate, relevant and not excessive for purposes of operating its websites or any of its services and it will be kept accurate and up-to-date based on the information provided.

How We Collect Information

Curated For You collects information from you in two ways: directly from your input and automatically through Curated For You’s website technologies.

Information You Provide

The types of personal information that Curated For You collects directly from you may include:

  • Contact details, such as your name, email address, postal address and telephone number;

  • IP addresses;

  • Demographic and background information;

  • Usernames and passwords;

  • Payment information, such as a credit or debit card number;

  • Assessment and survey responses

  • Comments, feedback, posts and other content you submit to a Curated For You service; and

  • Communication preferences.

In order to access certain content and to make use of additional functionality and features of Curated For You’s websites and services, we may ask you to register for an account by completing and submitting a registration form, which may request additional information.

Information We Receive From Other Sources 

Curated For You may hold information about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, content management agencies) and may receive information about you from them.

Use Of Your Information  

Curated For You may use your personal information in the following ways:

  • To carry out our obligations arising from any contracts entered into between you and us and to provide you with information about products and services that you request from us;

  • To provide you with information about other products, events and services we offer that are similar to those you have already purchased or inquired about or other communications containing information about new products and services or upcoming events of ours, our affiliates and non-affiliated third parties such as societies and sponsors, if you have consented to receive this information;

  • For internal business and research purposes and to help enhance, evaluate and develop our websites, products and services and to develop new products and services;

  • To notify you about changes or updates to our websites;

  • To notify you about changes or updates to our products and services if you have consented to receive this information;

  • To respond to your requests, inquiries, comments or concerns;

  • To administer our services and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes;

  • To allow you to participate in interactive features of our service, when you choose to do so; and

  • As part of our efforts to keep our site safe and secure;

  • For any other purpose that we may notify you of from time to time, providing that we have sought your consent.

Curated For You may use your assessment responses to further our research and in some cases we make this available to third parties, but only in the form of anonymous, aggregated data that does not reveal your identity or personal information. 

Disclosure Of Your Information

Curated For You will not disclose your personal information to any third party except as follows:

  • Where necessary in connection with services provided by intermediaries, who are required to comply with this policy. These service providers provide us with a wide range of office, administrative, information technology, production and business management services;

  • If you voluntarily provide information in response to an advertisement, with the third party serving the advertisement;

  • In order to comply with the law or requests by law enforcement agencies, to enforce our Terms and Conditions or to protect the rights, property or safety of our services, users or others; and

  • In the event that all or substantially all of the business or assets of Curated For You relating to this service are sold or otherwise assigned to another entity, personally identifiable information may be transferred to such entity; and

  • Where necessary in connection with providing services on behalf of third parties, such as your identified advisors, institutions, and societies, providing we have your consent.
    Curated For You may disclose to carefully chosen third parties navigational and transactional information in the form of anonymous, aggregate usage statistics (including “page views” on this website and the products therein) and demographics but only in forms that do not reveal your identity or personal information.

Cross Border Transfers  

Curated For You may transfer your personal information outside of your country of residence for the following reasons:

  • In order to process your transactions.

This may occur on servers in countries other than the country where you live. Curated For You has sub-contractor partners in several countries, Such processing may include, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services.

By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and all applicable data protection laws.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use all commercially reasonable efforts to prevent unauthorized access to such information.

Links

Curated For You’s websites or services may include links to third party websites. In using such links, please be aware that each third party website is subject to its own privacy and data protection policies and is not covered by our privacy policy.

Changes To This Privacy Policy 

Please note that Curated For You’s Privacy Policy is reviewed periodically. Curated For You reserves the right to modify its Privacy Policy at any time without notice. Any changes to the policy will be posted on this page. 

Your Rights

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) and shall seek your consent to use your data for such marketing purposes or to disclose your information to any third party for such marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the consent forms we use when collecting your personal data. If at any point you wish to access your personal information to (1) change your preferences, (2) review the accuracy, or (3) correct, supplement or modify your information, you may do so by using our online contact form. 

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Contact Us

If you have any questions about our privacy policy please contact us.

Curated For You – Privacy Policy & Terms of Service

Privacy Policy

Curated For You: Curations  |  Developer: Curated For You, Inc. ("CFY", "we", "us", "our")  |  Effective date: March 2026

1. Introduction

This Privacy Policy describes how the Curated For You: Curations Shopify app ("the App") collects, uses, stores, and deletes data when installed on a Shopify merchant store. This policy applies exclusively to merchants and authorized store operators who install the App through the Shopify App Store. For our general corporate privacy practices beyond this App, see curatedforyou.io/privacy-policy.

The App accesses merchant data through Shopify's APIs, subject to Shopify's API License and Terms of Use and Shopify's Privacy Policy.

Curated For You, Inc. acts as an independent data controller for the merchant business data described in this policy — we determine how and why this data is processed to provide the App's services. We do not act as a data processor for end-customer personal data, because the App does not collect such data.

The App is a B2B integration tool. It is operated by and for Shopify merchants — it does not interact directly with end consumers.

2. Information We Collect Through Shopify's APIs

Through Shopify's APIs, we collect and store the following data when you install the App:

  • Store domain — your .myshopify.com domain (e.g., yourstore.myshopify.com)
  • Shopify store ID — the numeric identifier Shopify assigns to your store
  • OAuth access token — received through Shopify's OAuth flow during installation; authorizes the App to read and write collections on your behalf. Stored in GCP Secret Manager, never written to our application database in plaintext.
  • Collection metadata — names, handles, and product counts for Shopify collections you request CFY to manage

The App requests only the API scopes necessary for its function: reading and writing product collections. It does not request access to orders, customers, payments, or any other store data.

Providing store data is a contractual requirement for using the App. Without it, the App cannot authenticate to Shopify or sync collections on your behalf.

3. Information We Collect Directly from Merchants

When you use the App or contact our support team, we may also collect:

  • Support communications — emails or messages you send to our support address, including any store details you share in those communications. Support communications are retained for no more than 24 months after the relevant issue is resolved.
  • App usage preferences — any settings or configuration choices you make within the App

4. Information We Collect from Merchants' Customers

The App does not collect, access, store, or process any end-customer personal data.

Specifically, the App does not access:

  • Customer names, email addresses, or contact information
  • Order history or transaction data
  • Payment information
  • Customer browsing behavior, session data, or analytics
  • Any data accessible via Shopify's Customer or Order APIs

The App does not use cookies or similar tracking technologies. Authentication is handled via Shopify's session token mechanism.

This policy applies exclusively to data collected through the Curated For You: Curations Shopify app. Data collected through the Shopify app is not shared with or used by CFY's other services.

5. How We Use Collected Information

We use the data described above solely to provide the App's core functionality: syncing AI-curated product collections from Curated For You into your Shopify store's collections.

The legal basis for processing your store data is the performance of our contract with you (GDPR Article 6(1)(b)) — specifically, providing the collection-syncing service you install the App to use. For processing not strictly necessary for service delivery, the legal basis is our legitimate interest (GDPR Article 6(1)(f)) in improving App functionality, ensuring service reliability, and maintaining platform security.

We do not:

  • Sell your data to third parties
  • Use your data for advertising or marketing purposes
  • Use your data for profiling or automated decision-making beyond app functionality
  • Share your data with third parties except as required to operate the service (e.g., GCP infrastructure providers)

6. How AI Curation Works

The App uses artificial intelligence algorithms to generate collection recommendations based on collection metadata and product attributes — not on end-customer personal data or behavior. The quality of recommendations depends on the completeness and accuracy of your product metadata. AI-generated recommendations are tools for merchant decision-making; they do not produce legal effects on any individual. Merchants retain full control over which recommendations to accept and can override any AI-generated curation at any time.

7. Data Storage, Security, and International Transfers

All data is stored and processed on Google Cloud Platform (GCP) infrastructure in the us-central1 (Iowa, United States) region. OAuth access tokens are stored exclusively in GCP Secret Manager — they are never logged or stored in plaintext.

Data is transmitted over encrypted connections (TLS/SSL). Access to stored data is restricted to authorized CFY personnel and automated systems required to operate the service.

For merchants in the European Economic Area (EEA) or United Kingdom: Your data is transferred to and processed in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated through our agreement with Google Cloud Platform. Google LLC holds EU-US Data Privacy Framework certification, which provides an additional transfer mechanism for EEA-to-US transfers. For UK merchants, transfers are additionally covered by the UK International Data Transfer Addendum to the SCCs. If you have questions about the specific safeguards in place, contact us at shopify@curatedforyou.io.

8. Data Retention and Deletion

While the App is installed and active, we retain your store data and collection metadata for as long as needed to provide the service. Collection metadata is refreshed on each sync and not retained beyond its operational purpose. OAuth tokens remain active until the App is uninstalled or you revoke access through your Shopify admin. Support communications are retained for no more than 24 months after resolution.

On uninstall, Shopify notifies us via the app/uninstalled webhook. Shopify subsequently sends a shop/redact webhook instructing us to delete your store's data. Upon receiving this request, we:

  • Delete your OAuth access token from GCP Secret Manager
  • Mark your store record as deleted in our database

All store data is fully deleted within 30 days of the shop/redact webhook.

9. GDPR Compliance

We support all three mandatory Shopify GDPR compliance webhooks. Upon receiving any of these webhooks, we respond immediately with a 200-series status code confirming receipt. Any required actions are completed within 30 days of receipt, consistent with Shopify's compliance requirements.

WebhookOur Response
customers/data_request Acknowledged immediately upon receipt with a 200 response. Because the App does not collect or store end-customer personal data, there is no customer data to export. No further action is required because no customer data exists.
customers/redact Acknowledged immediately upon receipt with a 200 response. Because the App does not collect or store end-customer personal data, there is no customer data to delete. No further action is required because no customer data exists.
shop/redact Acknowledged immediately upon receipt with a 200 response. OAuth token deleted from GCP Secret Manager; store record marked deleted in our database within 30 days of receiving this webhook.

10. Third-Party Service Providers

We share data only with the infrastructure providers required to operate the App:

  • Google Cloud Platform — compute, storage, and secret management (us-central1 region)

We do not use third-party analytics, advertising, or tracking services within the App.

11. Security Incident Notification

In the event of a data breach involving your store's data, we will:

  • Notify the relevant data protection supervisory authority within 72 hours of becoming aware of the breach, where the breach is likely to result in a risk to the rights and freedoms of natural persons, as required by GDPR Article 33.
  • Notify affected merchants without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34. Notification will be sent to the email address associated with your Shopify account.

12. Your Rights

As a merchant, you have the following rights regarding your data:

  • Access — request a copy of the data we hold about your store
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your store's data at any time (uninstalling the App also initiates deletion per Section 8)
  • Portability — request your data in a structured, machine-readable format

To exercise any of these rights, contact us at shopify@curatedforyou.io. We will respond within 30 days.

EEA and UK merchants: You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully. A list of EEA supervisory authorities is available at edpb.europa.eu. UK merchants may contact the Information Commissioner's Office (ICO) at ico.org.uk.

13. US State Privacy Rights

We do not sell personal information or share it for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA/CPRA).

For California merchants: You may request access to or deletion of your data by contacting shopify@curatedforyou.io. We will not discriminate against you for exercising these rights.

For merchants in other US states with applicable privacy laws (Virginia, Colorado, Connecticut, and others): equivalent rights apply. Contact us at the address below to exercise them.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App's interface or via the email address associated with your Shopify account at least 30 days before taking effect. If you do not agree to the modified policy, you may uninstall the App within that 30-day period without penalty. Continued use of the App after the effective date constitutes acceptance of the updated policy. The effective date at the top of this page reflects the most recent revision.

15. Contact

For privacy questions related to the Curated For You: Curations Shopify app:

Email: shopify@curatedforyou.io
Company: Curated For You, Inc.

Terms of Service

Curated For You: Curations  |  Developer: Curated For You, Inc. ("CFY", "we", "us", "our")  |  Effective date: March 2026

1. Agreement to Terms

By installing the Curated For You: Curations app through the Shopify App Store, you ("Merchant") agree to these Terms of Service. You must be an authorized operator of the Shopify store on which the App is installed. If you do not agree to these terms, do not install the App.

Shopify is not a party to this agreement. The App operates under Shopify's Partner Program and is subject to Shopify's API License and Terms of Use, which may independently affect service availability. Nothing in these Terms creates any obligation or liability for Shopify.

2. Description of Service

The App syncs AI-curated product collections from Curated For You's platform into your Shopify store's collections. It operates as an embedded app within the Shopify Admin interface. Core functionality — reading and writing Shopify collections — depends on an active Shopify OAuth authorization.

AI disclaimer: The App uses artificial intelligence algorithms to generate collection recommendations. These recommendations are automated suggestions based on product metadata and may not account for all factors relevant to your business. Merchants are responsible for reviewing all AI-generated curations before publishing them to customers.

3. Account and Access

Installation requires granting the App OAuth authorization to read and write your store's collections. You are responsible for maintaining the security of your Shopify account and for any activity that occurs under your authorization. Notify us immediately at shopify@curatedforyou.io if you suspect unauthorized access.

4. Permitted Use and Restrictions

You may use the App solely for its intended purpose: managing AI-curated product collections in your Shopify store. You agree not to:

  • Attempt to reverse engineer, decompile, or extract the App's source code
  • Use the App for any unlawful purpose or in violation of Shopify's Partner Program policies
  • Attempt to gain unauthorized access to CFY's systems or other merchants' data
  • Resell, sublicense, or distribute access to the App

5. Intellectual Property

CFY retains all ownership of the App, its underlying algorithms, AI models, and software. You retain ownership of your Shopify store data, product catalog, and collection content. By using the App, you grant CFY a limited license to access and modify your Shopify collections solely as necessary to provide the service.

6. Data Handling

Data collection and use are governed by the Privacy Policy above, which is incorporated into these Terms by reference. You are responsible for your own compliance with applicable privacy laws regarding your customers' personal data.

CFY acts as an independent data controller for merchant data as described in the Privacy Policy. Because CFY does not process personal data on behalf of the merchant, a separate data processing agreement under GDPR Article 28 is not required.

7. Collection Modifications and Backup

The App performs write operations on your Shopify store's collections — adding, modifying, and reorganizing products within collections based on AI-generated recommendations. We recommend that merchants maintain backups or records of their collection configurations before enabling CFY-managed curation.

CFY is not liable for unintended modifications to collections resulting from automated operations. See Section 10 for limitation of liability terms.

On termination: Collections created or modified by the App persist in your Shopify store after uninstall in their last-synced state. CFY does not delete or alter your Shopify collections upon termination — they remain under your full control.

8. Service Availability and Modifications

The App is provided on an "as available" basis. CFY reserves the right to modify, suspend, or discontinue the App at any time. We will provide at least 30 days' notice of material changes or discontinuation where reasonably possible. If you do not agree to modified Terms, you may uninstall the App within 30 days of notice without penalty. Continued use after the 30-day notice period constitutes acceptance of the modified Terms. CFY is not liable for any interruption or discontinuation of the service.

9. Disclaimer of Warranties

The App is provided "as is" and "as available" without warranties of any kind, express or implied. CFY does not guarantee specific business outcomes from AI-generated curations, a particular level of service uptime, or that the App will meet every merchant's requirements.

10. Limitation of Liability

To the maximum extent permitted by applicable law, CFY's total liability to you for any claims arising from the App shall not exceed the greater of $250 and the total fees paid by you to CFY in the twelve months preceding the claim. CFY is not liable for any indirect, incidental, special, consequential, or punitive damages.

Nothing in this section limits CFY's liability for: (a) death or personal injury caused by CFY's negligence; (b) fraud or fraudulent misrepresentation; (c) gross negligence or willful misconduct; or (d) any liability that cannot be excluded by applicable law.

In jurisdictions that do not permit limitation of liability for certain categories of damages, the limitations above apply to the maximum extent permitted by applicable law.

11. Indemnification

By Merchant: You agree to indemnify and hold CFY harmless from any claims, damages, or expenses (including reasonable legal fees) arising from your misuse of the App, your violation of these Terms, or your violation of any third-party rights.

By CFY: CFY will defend, indemnify, and hold you harmless from any third-party claims alleging that the App itself, as provided by CFY, infringes or misappropriates any patent, copyright, trademark, or trade secret, provided that you: (a) promptly notify CFY of the claim; (b) give CFY sole control of the defense; and (c) cooperate reasonably with CFY's defense. This indemnification does not apply to claims arising from your customization or misuse of the App.

12. Termination

Either party may terminate this agreement at any time — you by uninstalling the App through your Shopify admin, CFY by revoking API access. Upon termination, your data will be deleted per the timeline described in the Privacy Policy. Collections created or modified by the App persist in your Shopify store as described in Section 7. Sections 5, 9, 10, 11, 13, and 14 survive termination.

13. Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of Delaware, without regard to conflict of law principles.

Arbitration: Any dispute arising from these Terms or the App will be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, before a single arbitrator. Arbitration shall take place in Wilmington, Delaware, or remotely by videoconference at the arbitrator's discretion. Each party is responsible for its own costs unless the arbitrator determines otherwise.

Small claims exception: Either party may bring claims in small claims court for disputes within that court's jurisdictional limit, without first submitting to arbitration.

Opt-out: You may opt out of mandatory arbitration within 30 days of first installing the App by sending written notice to shopify@curatedforyou.io with the subject line "Arbitration Opt-Out." Opting out does not affect any other provision of these Terms.

Either party may seek injunctive or other equitable relief in a court of competent jurisdiction for claims involving intellectual property or unauthorized access.

14. General Provisions

These Terms, together with the Privacy Policy, constitute the entire agreement between you and CFY regarding the App. If any provision is found unenforceable, the remaining provisions remain in effect. CFY's failure to enforce any provision is not a waiver. You may not assign these Terms without CFY's written consent. These Terms do not create any third-party beneficiary rights.

15. Contact

Questions about these Terms:

Email: shopify@curatedforyou.io
Company: Curated For You, Inc.
Last updated: March 2026