Privacy Policy
Effective: May 2026 · Compliant with GDPR (EU) 2016/679
✅ TL;DR for merchants: We only read your product catalogue data to generate SEO content. We do not store your raw product data. AI providers process it in transit only, with zero retention and zero model training. Your customers' data is never touched.
1. Data Controller
The data controller responsible for the processing of your personal data is:
TunaApps / AntiGravity
Dao Anh Tuan
Tan Thoi Nhat 11 Street
Dong Hung Thuan Ward, Ho Chi Minh City, Viet Nam
Email: contact@tuna-apps.xyz
Phone: +84 902 416 840
Data Controller: TunaApps determines the purposes and means of data processing for the AEO App service.
Data Processor: Third-party AI API providers (Google Gemini) act as Data Processors under a strict Data Processing Agreement.
2. What Data We Collect and Process
| Data Category | What | Purpose | Stored by TunaApps? |
|---|---|---|---|
| Shop Credentials | Shop ID, API token (encrypted), shop domain | Authenticate API calls to your Shopware store | Yes — encrypted at rest (AES-256) |
| Product Metadata | Product name, description, price, category, SKU | Generate optimized SEO content via AI | Temporary pass-through only — not persisted |
| Bot Telemetry | AI bot User-Agent strings, visit counts (aggregated) | Dashboard analytics — which AI engines crawl your store | Yes — anonymized/aggregated, 90-day retention |
| Usage Metrics | AI credit usage, optimization actions, timestamps | Billing, quota enforcement, audit log | Yes — 12-month retention, then auto-deleted |
| Customer PII | — | Not applicable | Never collected |
⚠️ End-customer data: AEO App operates exclusively on the merchant side. We never access, process, or store data about your end-customers (buyers), including names, email addresses, order history, or payment information.
3. AI Processing — Zero Data Retention
AEO App uses the Google Gemini API to generate optimized product titles, descriptions, and JSON-LD structured data. The following commitments apply to all AI processing:
🔒 Pass-through architecture: Product data is encrypted in transit (TLS 1.3) and sent directly to the AI API; the generated content is returned, and the raw product data is immediately discarded. TunaApps does not store a copy of your raw product data in its database.
- Zero Retention by AI Provider: We use Google Gemini via the Google Cloud API. Under Google's enterprise API terms, data submitted through paid API access is not used to train, improve, or fine-tune any public AI model. This is governed by Google Cloud's Data Processing Addendum (DPA).
- No Model Training: Your product catalogue, brand information, and content are never used to train, improve, or fine-tune any AI model — neither by TunaApps nor by Google.
- Encryption in transit: All API calls use TLS 1.3. No data is transmitted over unencrypted channels.
- EU infrastructure: Our backend is hosted on Cloudflare Workers and D1 (EU regions). AI API calls are routed through Google Cloud's EU endpoints where technically feasible.
4. Legal Basis for Processing (GDPR Art. 6)
| Processing Activity | Legal Basis |
|---|---|
| App installation and account management | Art. 6(1)(b) — Performance of contract |
| AI content generation for your products | Art. 6(1)(b) — Performance of contract |
| Bot telemetry and analytics | Art. 6(1)(f) — Legitimate interest (service improvement) |
| Billing and credit usage tracking | Art. 6(1)(b) — Performance of contract; Art. 6(1)(c) — Legal obligation |
5. Third-Party Service Providers (Sub-processors)
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Google LLC (Gemini API) | AI content generation (pass-through) | USA / EU endpoints | Google Cloud DPA — Standard Contractual Clauses (SCCs) |
| Cloudflare, Inc. | Infrastructure, CDN, database (D1) | EU regions | Cloudflare DPA — SCCs |
| Shopware AG | App marketplace, payment processing | Germany | Governed by Shopware partner agreement |
6. Your Rights as a Data Subject (GDPR Art. 15–22)
As a user of AEO App, you have the following rights:
- Right of access (Art. 15): You can request a copy of all personal data we hold about you.
- Right to rectification (Art. 16): You can request correction of inaccurate data.
- Right to erasure / "Right to be forgotten" (Art. 17): Uninstalling the app via Shopware Admin triggers an automated webhook that permanently deletes your shop data from our systems within 30 days.
- Right to data portability (Art. 20): You can download your data via the CSV export functions in the dashboard at any time.
- Right to object (Art. 21): You may object to processing based on legitimate interest at any time.
- Right to lodge a complaint: You have the right to file a complaint with a supervisory authority. In Germany: Bundesbeauftragte für den Datenschutz (BfDI).
To exercise any of these rights, contact: contact@tuna-apps.xyz
7. Data Retention Periods
- Shop credentials and settings: Retained for the duration of the active subscription + 30 days after cancellation/uninstall.
- Bot telemetry and traffic data: Automatically purged after 90 days.
- Optimization audit logs: Retained for 12 months, then auto-deleted.
- Billing and credit records: Retained for 7 years as required by German tax law (§ 147 AO).
- Raw product data passed to AI: Not stored — discarded immediately after generation.
8. Cookies and Local Storage
The AEO App admin interface (embedded in Shopware Admin) uses localStorage solely to remember your language preference (EN/DE). No tracking cookies, advertising pixels, or third-party analytics scripts are loaded on this website or in the admin app.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email (to the address associated with your Shopware account) or by displaying a notice in the app dashboard. Your continued use of the app after the effective date of a revision constitutes your acceptance of the updated policy.
10. Contact for Privacy Matters
For all data protection and privacy inquiries:
Email: contact@tuna-apps.xyz
Subject line: "Privacy Request — AEO App"
We commit to responding to all privacy requests within 30 days as required by GDPR Art. 12.