Privacy Policy

Last updated: April 11, 2026

Prana is a Shopify app operated by Rohit Sharma, based in India, trading as Prana AI ("we", "us", "our"). Prana helps merchants optimise product descriptions for AI-powered search engines. This privacy policy explains what data we collect, how we use it, and your rights.

1. What data we collect

We collect and store the following data when you install and use Prana:

• Merchant account information: Your email address (used for authentication), Shopify store domain, and store name.
• Product data: Product titles, descriptions, handles, categories, images, and metadata from your Shopify store. This is used to generate AI-optimised descriptions.
• Public storefront content: We fetch content from your public product pages — including structured data (JSON-LD), ingredient lists, specification tables, and customer review summaries — to improve the quality of AI-generated descriptions. We only access pages on your own store, never third-party sites.
• Generated content: Rewritten product descriptions, meta titles, meta descriptions, and FAQ content that Prana creates for you.
• Transaction records: Credit purchase history and usage records for billing and audit purposes.

2. What data we do NOT collect

Prana does not collect, store, or process any end-customer (buyer) data. We have no access to your customers' names, emails, addresses, payment information, or order history. All customer data remains in Shopify's systems.

3. How we use your data

• Product optimisation: We read your product data and storefront content to generate AI-optimised descriptions, meta tags, and FAQ content.
• Publishing: We write optimised content back to your Shopify store via the Shopify Admin API.
• Scoring: We analyse your product descriptions to provide AI-readiness scores and improvement recommendations.
• Billing: We use Shopify Billing API for credit purchases. Transaction records are kept for financial compliance.
• Authentication: Your email address is used to identify your account and enable login.

Legal basis for processing (GDPR): We process your data on the following bases: to perform our contract with you (product optimisation, publishing, billing); to comply with legal obligations (financial record-keeping); and for our legitimate interests in operating and improving the service (security, analytics). You may object to processing based on legitimate interests at any time by contacting us.

4. Data sharing

We do not sell, rent, or share your data with third parties, except:

• AI processing: Product descriptions are sent to Anthropic's Claude API for rewriting. We do not send customer data to Anthropic — only product content. Anthropic does not use data submitted via its commercial API to train its models: your product content is used solely to generate the response. Review Anthropic's data usage policy.
• Infrastructure: Your data is stored on Supabase (hosted on AWS, US East). If you are based in the EU, this constitutes a transfer of personal data outside the EEA. Supabase processes EU data under Standard Contractual Clauses. See Supabase's privacy policy.
• Analytics: We use PostHog to understand how merchants use Prana (e.g., which features are used most). PostHog may collect usage events, page views, and anonymised device information. See PostHog's privacy policy.
• Shopify: We interact with your store through Shopify's APIs. See Shopify's privacy policy.

5. Data retention

• Active accounts: We retain your data as long as your account is active and the app is installed.
• After uninstall: When you uninstall Prana, we revoke our access token immediately. Your generated content (descriptions, FAQs, meta tags) is preserved in case you reinstall — this is work you paid for with credits. Public storefront content we fetched (structured data, review text, specification tables) is deleted within 30 days of uninstall.
• Financial records: Credit transaction records are retained as required by applicable financial regulations.
• Account deletion: To request full deletion of your account and all associated data, contact us at support@pranaai.pro. We will process your request within 30 days.

6. International data transfers

Your data is processed and stored in the United States (via Supabase on AWS). If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction with data transfer restrictions, your data will be transferred to the US under appropriate safeguards, including Standard Contractual Clauses where applicable.

7. Your rights

Under GDPR, CCPA, and similar regulations, you have the right to:

• Access: Request a copy of the data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your data (subject to legal retention requirements for financial records).
• Portability: Request an export of your account data and generated content. We will provide this in JSON or CSV format within 30 days.
• Object: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@pranaai.pro.

8. Security

We use industry-standard security measures to protect your data:

• All data is transmitted over HTTPS.
• Shopify access tokens are stored server-side and never exposed to the browser.
• Row-level security policies restrict data access to authorised users only.
• Webhook signatures are verified using HMAC-SHA256 to prevent unauthorised access.

Data breach notification: In the event of a personal data breach affecting your data, we will notify you without undue delay and, where we are acting as controller, we will notify applicable supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

9. Cookies and local storage

Prana uses session cookies and browser local storage to maintain your login state. Our analytics provider (PostHog) may also set a cookie to track usage across sessions. We do not use advertising or tracking cookies.

10. Age of users

Prana is a B2B tool for Shopify merchants and is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have inadvertently collected such data, contact us and we will delete it.

11. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes via the app or email before they take effect. For material changes affecting how your data is processed, we will seek your acknowledgement before continuing.

12. Contact and data processing agreement

For questions about this privacy policy or your data, or to request a Data Processing Agreement for your own GDPR compliance, contact us at:
support@pranaai.pro

A Data Processing Agreement is available on request for merchants who act as data controllers and require a signed DPA under GDPR Article 28.