Data Protection & Processing

Last updated: 12 July 2026

This page summarises how Ignite AI Reviews processes data on behalf of merchants (the "controller"). It complements our Privacy Policy and is written to support GDPR/UK-GDPR and CCPA obligations and Shopify's Protected Customer Data requirements.

Roles

The merchant is the data controller. Ignite is a data processor acting only on the merchant's documented instructions (installing the app and pressing Generate).

Scope of processing

Protected Customer Data

Because Ignite does not access Shopify's protected customer data, no customer PII is collected, stored, shared, or used for profiling, advertising or model training. Shopify's mandatory compliance webhooks are implemented; as no customer PII is retained, customers/data_request and customers/redact return "nothing on file", and shop/redact deletes the store's stored connection.

Security measures

Sub-processors

International transfers

Processing occurs on globally distributed edge infrastructure. Where personal data of the merchant (e.g. contact email) is involved, transfers rely on the providers' standard contractual clauses.

Retention & deletion

Generated content lives on the merchant's own store and is deleted by the merchant at will. Connection records are deleted on uninstall, on shop/redact, or on request to support@ignitehk.org.

Contact

Data protection enquiries: support@ignitehk.org.