Privacy Policy

Last updated: 2026-05-09

Gohigher ("we", "us", "our") provides an automated revenue-optimization auditing service for Shopify merchants. This Privacy Policy explains what data we process, why, how long we keep it, and what choices you have. It applies to the gohigher.ai website and to the Gohigher Shopify app.

Who controls the data

The merchant is the data controller for any customer or order data exposed by their Shopify store. Gohigher is a data processor acting on the merchant's instructions for the purpose of generating audit findings and recommendations. We do not sell, rent, or share merchant or customer data with third parties for marketing.

We are based in [JURISDICTION TO BE FILLED IN BEFORE LAUNCH]. Personal data may be processed in [REGION] using infrastructure providers (Vercel, Railway) whose sub-processor agreements are listed below.

What we collect from the Shopify Admin API

When a merchant installs the Gohigher Shopify app and grants the requested scopes, we read the following data via the Shopify Admin API. Each scope is requested only because the audit cannot be performed without it.

| Scope | Why we need it |
|---|---|
| read_products | Enumerate the catalog to detect products missing subscription, missing reviews, thin descriptions, missing alt text, etc. |
| read_orders, read_all_orders | Compute average order value, conversion patterns, and dollar-impact estimates for findings. read_all_orders lets us look at orders older than 60 days for trend analysis. |
| read_customers | Aggregate customer counts and retention metrics for context in dollar-impact estimates. We do not store customer name, email, address, or phone number outside of the in-task scope of an active audit. |
| read_themes | Parse the published theme to detect deprecated Liquid filters, performance issues, and the absence of subscription pickers, upsell sections, etc. |
| read_content, read_online_store_pages | Audit content pages for SEO and conversion gaps. |
| read_discounts, read_price_rules | Detect discount-strategy gaps. |
| read_inventory, read_locations | Detect out-of-stock ratios that depress conversion. |
| read_publications, read_product_listings | Detect catalog gaps across sales channels. |
| read_purchase_options, read_own_subscription_contracts | Confirm the subscription state per product. |
| read_marketing_events, read_reports | Build the recommendations pipeline. |
| read_locales, read_shop | Basic store metadata for localization and currency formatting. |
| read_legal_policies | Audit whether the store has a privacy policy and terms (an audit signal). |

We do not request any write_* scope in the current version of the app. Recommendations are surfaced to the merchant for manual application.

What we collect from merchants directly

  • Account email, name, password hash (hashed via the auth provider's bcrypt-equivalent)
  • Organization name and basic profile information
  • Billing details (handled by Polar; we receive an opaque customer reference, not raw card numbers)
  • Self-reported store metadata (e.g., target product categories, optimization goals)

What we collect from merchants' customers

We do not directly collect data from a merchant's customers. Customer data we encounter is read from the merchant's Shopify Admin via the scopes above. When data passes through our pipeline during an active audit, we hold it in memory for the duration of the audit task and do not persist customer name, email, address, or phone number to long-term storage.

We do not use any merchant's customer data for direct marketing. We do not contact a merchant's customers.

How we use the data

  • To generate audit findings and revenue-optimization recommendations for the merchant
  • To estimate dollar-impact for each finding using benchmark data
  • To send the merchant in-app and email notifications about audit progress and findings (only to the merchant's account email, never to the merchant's customers)
  • To compute the merchant's monthly GMV for billing tier evaluation
  • To improve the audit detector library (using only aggregate, anonymized signals — never customer-identifying data)

We do not use customer data for automated decision-making with legal or significant effects on the customer.

Retention

| Data | Retention |
|---|---|
| Raw Shopify Admin API responses fetched during an audit | Discarded at task completion (held in memory only during the audit) |
| Audit findings and reports | Retained while the merchant's subscription is active; deleted within 30 days of cancellation or shop/redact |
| Cached product/theme/order summaries (no per-customer fields) | Refreshed on each audit; old versions deleted within 30 days of replacement |
| Account / billing data | Retained while the account is active; deleted within 30 days of account deletion request |
| Operational logs | 90 days, with PII fields redacted at write time |

GDPR webhook handling

The Gohigher app implements all three Shopify mandatory privacy webhooks:

  • customers/data_request — we log the request and respond to the merchant with the requested customer data within 30 days.
  • customers/redact — we log the request. Because the Gohigher database does not retain customer name, email, address, or phone number outside the in-memory scope of an audit task, no per-customer rows exist to delete; if any are ever introduced, this handler will cascade-delete them.
  • shop/redact — sent by Shopify 48 hours after a merchant uninstalls the app. We delete all data for that store from our database (the Shopify connection record, all audit runs, all findings, all reports, all recommendations) and notify our internal pipeline service to do the same.

Sub-processors

| Sub-processor | Purpose | Region |
|---|---|---|
| Vercel | Hosting for gohigher.ai web application | US |
| Railway | Hosting for the audit pipeline service, Postgres database, Redis cache | US |
| Anthropic | LLM inference for finding synthesis (signals are passed; customer PII is not) | US |
| Polar | Subscription billing | EU |
| Better Auth (provider) | Account authentication | (in-process) |

We will update this list as new sub-processors are added.

Security

  • All access tokens are encrypted at rest using AES-256-GCM
  • All transport between gohigher.ai, the audit pipeline, and Shopify Admin uses TLS 1.2+
  • Database backups are encrypted at rest by the managed database provider
  • Test and production environments are fully separated
  • Staff access to production protected customer data is limited to engineering on-call and is recorded in an access log
  • We have written incident response and data loss prevention policies

Your rights

If you are a merchant or a customer of a merchant whose data has been processed by Gohigher, you may have the right to access, correct, or delete your personal data, and to lodge a complaint with a data protection authority. Contact us at the address below.

Contact

For privacy questions, data requests, or any concern about how we handle data, email privacy@gohigher.ai.