ucpoptimizer

Privacy Policy

Last updated: 1 July 2026

UCP Optimizer ("the app", "we") is operated by Barikreativa srl. This policy explains what data the app processes when a merchant installs it on their Shopify store, and how that data is handled.

1. What we process

The app works on product catalog data to score and optimize it for AI shopping agents. We process:

  • Product data: titles, descriptions, variants, media metadata, tags, categories, metafields.
  • Shop metadata: shop domain, installed plan, access scopes, encrypted access token.
  • Derived visibility metrics: agentic rank, presence, competitor seller domains (aggregates only).

We do not collect or store customer personal data (names, emails, addresses, phone numbers, or order PII). The app does not require these to function.

2. How we use it

  • Compute the Agentic Readiness Score and generate grounded enrichment suggestions.
  • Monitor how products appear inside AI agents via the Shopify Catalog MCP.
  • Write approved attributes and copy back to the merchant's catalog (only on explicit action).

3. Subprocessors

  • Supabase (PostgreSQL, EU region — Frankfurt) — application database.
  • Render (EU region — Frankfurt) — application hosting.
  • OpenAI — LLM enrichment generation, under a data processing agreement with zero training on inputs.
  • Shopify — Admin API and Catalog MCP, per the Shopify API License and Terms of Use.

4. Catalog MCP data

In line with Shopify Catalog usage guidelines, the app does not cache catalog search results or third-party product images. Only derived metrics (rank, presence, seller domain) are stored.

5. Data location & retention

Data is stored in the EU. Visibility history is retained according to the merchant's plan (30–365 days) and older records are purged automatically. All data is deleted when the app is uninstalled and on receipt of a shop/redact request.

6. Security

Access tokens are encrypted at rest (AES-256-GCM). Access is least-privilege (product read/write only). All traffic is served over TLS.

7. Your rights (GDPR)

Merchants may request access, correction, export, or deletion of their data. We honor Shopify's mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact). Since no customer PII is stored, customer redaction requests are acknowledged as no-ops.

8. Contact

Barikreativa srl — ivan@barikreativa.com.