Privacy Policy

Last updated: 2026-05-21

This Privacy Policy describes how BlockPress ("BlockPress", "we", "us", or "our") collects, uses, and shares information when you install and use the BlockPress app for Shopify (the "App") and visit related websites (collectively, the "Service"). By installing the App you agree to this policy.

1. Information we collect

1.1 Information from your Shopify store

When you install BlockPress, Shopify grants the App access to the following resources based on the permissions you approve:

  • Blog articles, blogs, and metafields (write_content) — to create, edit, and publish posts you author through BlockPress.
  • Files (write_files) — to upload images and other media you attach to posts.
  • Products (read-only) (read_products) — so you can pick products to reference in product-card and product-slider blocks.
  • Themes (read-only) (read_themes) — to render previews that approximate your storefront's styling.

We do not request and do not access customer-side personal information (orders, customer records, contact information, payment details).

1.2 Information generated through the App

When you use BlockPress, we store:

  • Article drafts, autosaved revisions, and saved layout templates.
  • Author profiles you create within the App (name, role, bio, avatar, social links you provide).
  • AI usage events (timestamp, action type, model used) for plan-quota enforcement and billing.
  • Subscription state (active plan tier, status, billing-period dates) returned by Shopify Billing.
  • Per-article analytics events submitted by the tracking pixel embedded in published articles: page views, session-scoped scroll depth, time on page, anonymous session id, referrer, and a coarse device classification (mobile/tablet/desktop). The session id is randomly generated and stored in the visitor's browser sessionStorage; it is not linked to any personal identifier.

1.3 Information from your interactions

  • App usage telemetry (page views inside the App, error logs) to diagnose issues.
  • Account contact information you provide directly (e.g. via support email).

2. How we use information

We use the information we collect to:

  • Provide, operate, and maintain the App.
  • Generate AI-assisted content suggestions through Anthropic's API on your explicit request.
  • Bill you according to your selected plan (via Shopify Billing).
  • Render analytics and the Article Health dashboard back to you inside the App.
  • Communicate with you about service updates, billing, and support.
  • Detect, prevent, and address abuse, fraud, or technical issues.

We do not sell your information or your customers' information. We do not train AI models on your content.

3. How we share information

We share information only with the following categories of recipients:

  • Anthropic, PBC — your prompts and the content you submit to AI features are sent to Anthropic's API to generate completions. Anthropic processes the data per its commercial usage terms and does not train on API inputs.
  • Shopify — as required to operate inside the Shopify Admin and process billing.
  • Vercel — our hosting provider (United States). Data in transit is encrypted with TLS.
  • Supabase / our database provider — encrypted at rest.
  • Legal and regulatory authorities — when required by law or to enforce our rights.

We do not share information with advertising networks, data brokers, or marketing partners.

4. Data retention

  • Article drafts, revisions, and templates persist while your subscription is active.
  • Analytics events are retained for 12 months and then automatically purged.
  • AI usage ledger rows are retained for 24 months for billing reconciliation, then purged.
  • Upon uninstallation, Shopify fires a shop/redact webhook to us 48 hours later. We delete all shop-scoped data within 7 days of that webhook firing (well under the 30-day GDPR deadline).
  • Author profiles you publish as standalone author pages (via Shopify Pages) remain in your Shopify store until you delete them; BlockPress's local copy is purged with the rest of your data on uninstall.

5. Your rights

If you are a resident of the EU, EEA, UK, California, or any jurisdiction with similar laws, you may have the following rights:

  • Access — request a copy of personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Deletion — request deletion of your data.
  • Portability — receive your data in a portable format.
  • Withdraw consent — uninstall the App at any time.

Shopify provides built-in GDPR workflows for the customers/data_request, customers/redact, and shop/redact topics. We honor all such requests within the timeframes Shopify mandates.

To exercise any of these rights directly, email privacy@blockpress.app. We will respond within 30 days.

6. Security

  • All data in transit is encrypted with TLS 1.2+.
  • Database connections require authenticated, TLS-encrypted sessions.
  • Anthropic API keys, Shopify session tokens, and database credentials are stored as encrypted environment variables.
  • The App is reviewed against the OWASP Top 10 during development.

No system is 100% secure. If we become aware of a breach affecting your data, we will notify you and the relevant authorities as required by law.

7. Children's privacy

BlockPress is a B2B SaaS tool for Shopify merchants. We do not knowingly collect information from anyone under 16.

8. International transfers

BlockPress is operated from the United States. By using the App, you consent to your information being transferred to and processed in the United States.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the App and via email to the support contact on your account at least 30 days before they take effect.

10. Contact

Questions about this Privacy Policy? Email privacy@blockpress.app.