Gravitate

Privacy Policy

This Privacy Policy explains how Car Tech Studio Ltd ("Gravitate", "we", "our", "us") collects, uses, shares, and protects information in connection with our Shopify app and web properties (collectively, the "Service").

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

Last updated: 8 August 2025 (Version 1.0)

Who we are and how to contact us

  • Legal entity: Car Tech Studio Ltd
  • Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Email: hello@usegravitate.com

We provide an AI-powered SEO app for Shopify merchants. This policy applies to the Gravitate web app at usegravitate.com and our Shopify app listing.

Scope and audience

  • This policy applies to merchants and users of our Service in the US, UK, Canada, Australia, and Europe (and elsewhere, as applicable).
  • The Service is designed for business users and is not directed to children.

Summary (quick read)

  • We collect merchant account data, Shopify store metadata and content required to operate the app (e.g., products, collections, selected analytics), and Google Search Console metrics if you connect it.
  • We do not process buyer/customer PII and do not use it in our AI or analytics. While our app requests Shopify read_orders access, we do not process or retain buyer PII.
  • We use trusted processors: Supabase (hosting, database, Edge Functions), Shopify (APIs & webhooks), Google (GSC), PostHog (analytics, session replay, heatmaps), n8n Cloud EU (workflow automation), and OpenRouter (LLM routing limited to OpenAI, Anthropic, Google Gemini, and Perplexity).
  • We delete store data when you uninstall and honor Shopify's mandatory compliance webhooks.
  • We use a cookie/consent banner and maintain reasonable technical and organizational security measures.

Information we collect

We only collect the minimum information necessary to provide and improve the Service.

1) Account and authentication

  • Merchant account (email, user ID) via Supabase Auth.
  • Shopify shop domain, access token, granted scopes, and shop profile info when you connect your store.

2) Store data from Shopify (as permitted by scopes)

  • Product and collection data (titles, descriptions, handles, images, SEO fields), online store pages metadata, product feeds/listings.
  • Limited analytics and reports, themes metadata where required for features.
  • Orders access scope (read_orders) is requested for app operations, but we do not process buyer/customer PII and do not use this data in AI, analytics, or storage.

3) Google Search Console (optional)

  • Verified sites for your property and aggregated page-level metrics (clicks, impressions, CTR, position) when connected.
  • OAuth tokens are stored as secrets (not in plain tables). We do not ingest Google account profile data beyond what's required for OAuth.

4) Product analytics and telemetry

  • PostHog Cloud: event analytics, session replay, and heatmaps to improve UX.
  • Technical telemetry (e.g., request metadata, performance) necessary to operate the Service.

5) Device, cookies, and local storage

  • First‑party cookies for UI preferences (e.g., sidebar state) and consent.
  • Local/session storage for transient UI/flow state (e.g., OAuth state); we do not store sensitive data in browser storage.

Information we do not collect

  • We do not process buyer/customer PII for our features or models, and we do not send such data to analytics or AI providers. Although read_orders is an installed scope, we do not ingest or use buyer PII.
  • We do not collect special categories of personal data.

Legal bases (EEA/UK where applicable)

  • Performance of contract: to provide the Service you requested.
  • Legitimate interests: product analytics (PostHog), security, fraud prevention, and Service improvements—with safeguards and opt-outs where required.
  • Consent: cookies/consent where applicable in your region and for optional features.

How we use information

  • Provide and operate the Service, including analyzing SERPs, generating SEO suggestions, applying changes with your approval, and displaying GSC metrics.
  • Improve UX and reliability through analytics, session replay, and heatmaps (with masking; see Security & Privacy Controls below).
  • Communicate about Service updates, security, or support.

Sharing and processors

We use carefully selected service providers who act as processors on our behalf. We do not sell personal data.

We restrict OpenRouter routing to the providers listed above and do not use China-based model providers.

Cookies and similar technologies

  • We use a cookie/consent banner for regional compliance.
  • First‑party cookies are used for UI preferences and analytics.
  • You can manage preferences through the banner or your browser settings. Some functionality may be limited if cookies are disabled.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object, or port certain data, and withdraw consent where applicable. We will respond within 30 days.

How to submit a request: email hello@usegravitate.com using the email associated with your account and include your shop domain to help us verify identity.

Children

The Service is intended for business users. We do not knowingly collect data from anyone under 18. If you believe a minor has provided data, contact us to delete it.

Billing

All merchant charges go through the Shopify Billing API. We do not process card details.

Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify active users by email and/or through the Service. The "Last updated" date at the top will reflect the latest version.

Contact

Car Tech Studio Ltd

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

Email: hello@usegravitate.com