Contona Privacy Policy
Last updated: 14 May 2026
Effective date: 14 May 2026
This Privacy Policy explains how Contona ("Contona", "we", "us", "our") collects, uses, stores, and shares information when you and your customers use the Contona application (the "App") on Shopify or any other supported platform, and the Contona dashboard at https://contona.ai (the "Service").
If you have questions about anything in this policy, contact us at privacy@contona.ai.
1. Who we are
Contona is an AI-powered content personalization and image generation platform for e-commerce stores. We help merchants generate product imagery, lifestyle scenes, promotional banners, and short product videos, and personalize storefront content for different shopper audiences.
Data controller (this policy applies to data we control):
Contona
[Registered business address — replace before publishing]
Email: privacy@contona.ai
For merchant data we process on behalf of a Shopify merchant (products, customers, orders accessed via Shopify APIs), the merchant is the data controller and Contona is the data processor under GDPR / UK GDPR. See section 7.
2. What information we collect
2.1 Information collected via Shopify APIs
When you install Contona on a Shopify store, we receive the following through Shopify's authenticated APIs:
| Category | Examples | Why |
|---|---|---|
| Shop information | Shop domain, shop ID, shop name, currency, timezone, locale, plan, country | Identify the installation and tailor regional behaviour |
| Product catalog | Products, variants, descriptions, images, prices, tags, vendor, product type, collections, metafields | Generate product imagery, lifestyle scenes, and promotional content against the merchant's actual inventory |
| Customer data | Customer ID, email, name, phone, address (where the merchant has granted the relevant scope) | Only used to satisfy GDPR webhook requests (see section 5); not used for personalization, marketing, or any other purpose |
| Order data | Order IDs and line items referenced in GDPR data requests | Only used to satisfy GDPR webhook requests |
| Theme assets | Read-only access to theme files for App Embed installation | Install the Contona JavaScript loader into the storefront |
We request the minimum Shopify OAuth scopes required to deliver the features you enable. You can review the current scopes at any time in Shopify Admin → Settings → Apps and sales channels → Contona.
2.2 Information collected directly from the merchant
When you sign up for or use Contona, we collect:
- Account contact information (name, email, password hash, optional business name).
- Billing information (handled by Stripe — see section 4). Contona stores only a Stripe customer ID, the subscription tier, and usage counts; we do not store full card numbers.
- Communications you send us (support tickets, emails, in-app messages).
- Persona definitions and campaign briefs you create inside Contona (which may include demographic descriptors, brand language, marketing prompts).
- Reference and product imagery you upload to the Contona dashboard or the Shopify embedded app (e.g. lifestyle reference photos, mood boards, product photos you want regenerated).
- Generated content metadata (which AI model produced an image, which persona was active, when it was generated, how many credits it used).
2.3 Information collected from merchants' customers (shoppers)
When a shopper visits a merchant's storefront with Contona installed, the Contona JavaScript loader may collect:
- The current product / page URL and basic page metadata (product handle, collection, vendor) so we can match content rules.
- The utm_persona query string parameter, if present in the URL — this is a persona identifier (e.g. ?utm_persona=141), not the shopper's personal data.
- Anonymous device / browser metadata required for caching and performance (user-agent string, viewport dimensions, accept-language header).
- An anonymous session identifier stored in browser storage for the duration of the visit, used to keep the personalized content stable during a single browsing session. This identifier is not linked to a user account, email, or any other directly-identifying data.
Contona does not place advertising or third-party tracking cookies on the shopper's device. Contona does not sell or share shopper data with advertising networks.
If a merchant operates in a jurisdiction that requires cookie or consent banners (e.g. the EU, UK, California), the merchant is responsible for obtaining the required consent before activating Contona's personalization. Contona honours standard consent signals (navigator.doNotTrack, common consent-management-platform APIs) where present.
3. How we use information
We use the information described above to:
- Provide the Service — generate product images, lifestyle scenes, videos, banners, and personalized text content for the merchant's storefront.
- Process payments — charge subscription and usage fees through Stripe, manage refunds and dispute responses.
- Enforce usage limits and credit balances — track AI-generation usage against the merchant's plan.
- Support and communicate — respond to your support requests, send service-related updates (transactional emails, security alerts, billing receipts).
- Improve the Service — analyse aggregate, de-identified usage patterns to improve our models, prompts, and user interfaces. Individual merchant inputs and outputs are not used to train third-party foundation models. See section 4.
- Detect, prevent, and respond to abuse, fraud, security incidents, and policy violations.
- Comply with legal obligations — including tax, accounting, and responding to lawful requests from authorities.
We do not use merchant customer data (section 2.1) for any purpose other than satisfying GDPR webhook requests. We do not sell any personal information.
4. Subprocessors — who we share information with
To deliver the Service we share specific information with the following processors. We have appropriate contractual and technical safeguards in place with each of them (DPAs / SCCs as applicable).
| Subprocessor | Purpose | Data shared | Location |
|---|---|---|---|
| Shopify | Source platform and storefront delivery | Shop / catalog / customer data per Shopify APIs | USA |
| Stripe | Subscription billing and payment processing | Email, billing address, card details (collected directly by Stripe) | USA, EU |
| Mailjet | Transactional email (receipts, password reset, team invitations) | Recipient email, subject, message body | EU (France) |
| DigitalOcean (Spaces / CDN) | Storage and CDN for generated images and uploaded references | Image files only | USA (NYC region) |
| Google (Gemini API) | AI image generation and image analysis | Product / reference / generated images, text prompts | USA |
| Replicate | AI image and video model hosting (Flux 2 family, GPT-image, nano-banana, others) | Product / reference / generated images, text prompts | USA |
| BytePlus (Seedream / Seedance) | AI image and video generation | Product / reference / generated images, text prompts | Singapore |
| Anthropic (Claude API) | Reference-image description and structured analysis (where enabled) | Reference images, text prompts | USA |
| Runway | AI video generation | Product / reference / generated images, text prompts | USA |
| OpenAI | Text content transformation | Text prompts and source content | USA |
| Linear / GitHub / similar | Internal engineering and support tooling | Diagnostic data only, no production customer data | USA |
No subprocessor is permitted to use merchant or shopper data to train its own foundation models. Where a vendor offers a "no training" mode (e.g. OpenAI's enterprise tier, Anthropic's no-training default), we have it enabled.
If we add a new subprocessor that materially changes the categories of data shared or the regions involved, we will update this page and (for significant changes) notify subscribed merchants by email at least 30 days in advance.
5. Data retention and deletion
| Data | Retention |
|---|---|
| Generated images and videos (output) | Until the merchant deletes them, or 90 days after the merchant uninstalls the App, whichever is earlier |
| Uploaded reference images | Until the merchant deletes them, or 90 days after uninstall |
| Persona definitions and campaign content | Until the merchant deletes them, or 90 days after uninstall |
| Shop / catalog data accessed via Shopify APIs | Cached only for the duration required to process a request; persistent records are removed within 30 days of uninstall (or 48 hours via shop/redact) |
| Merchant customer data accessed via Shopify APIs | Not retained beyond what is required to satisfy a specific API request or a GDPR webhook |
| Billing records, invoices, and tax records | Retained for the period required by law (typically 6–10 years depending on jurisdiction) |
| Anonymous shopper session identifiers | Up to 24 hours |
| Server logs | 30 days |
| Backups | Encrypted, rotated, fully expired within 90 days |
5.1 GDPR / privacy webhooks
Contona implements the three Shopify-mandated privacy webhooks. All three respond within the 30-day window required by Shopify and within the timeframes mandated by GDPR / UK GDPR / CCPA:
| Webhook topic | What happens |
|---|---|
| customers/data_request | We compile any data we hold associated with the named customer (typically: none, because we do not retain customer data) and return it to the store owner within 30 days. |
| customers/redact | We delete any data we hold associated with the named customer within 30 days. |
| shop/redact | 48 hours after the merchant uninstalls the App, we delete all data associated with the shop — generated images, uploaded references, personas, campaign content, persona-attribution analytics, and any cached catalog data. |
If you uninstall the App and want your data removed immediately rather than waiting for the 48-hour shop/redact window, email privacy@contona.ai with your shop domain and we will action the deletion within 5 business days.
6. Where we process information
Contona is operated from the United Kingdom and the United States. Data is stored and processed in:
- United States — primary infrastructure (DigitalOcean NYC, Stripe, AI subprocessors).
- European Union — Mailjet (France) for email delivery.
- Singapore — BytePlus (Seedream, Seedance) for AI image and video generation, where the merchant has selected those models.
When personal data is transferred outside the UK / EEA, we rely on the following transfer mechanisms as applicable:
- The UK International Data Transfer Addendum.
- The EU Standard Contractual Clauses (2021/914).
- The UK and EU adequacy decisions where they apply.
Copies of our standard contractual clauses are available on request to privacy@contona.ai.
7. Your rights
Under UK GDPR, EU GDPR, CCPA / CPRA, and similar laws, you and your customers may have the following rights with respect to personal data:
- Access — request a copy of the personal data we hold.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete data ("right to be forgotten").
- Restriction — ask us to limit how we use data.
- Portability — receive data in a portable, machine-readable format.
- Objection — object to certain uses of data.
- Withdraw consent — where processing relies on consent.
- Lodge a complaint with your supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).
For merchant customers (shoppers): Contona is a data processor acting on the merchant's instructions for any customer data accessed through Shopify APIs. To exercise rights over that data, please contact the merchant directly. Shopify's standard customers/data_request and customers/redact webhook flows are honoured by Contona — see section 5.1.
For merchants and Contona dashboard users: to exercise your rights, email privacy@contona.ai with enough information for us to verify your identity. We respond within 30 days; complex requests may take up to 90 days, in which case we will tell you.
8. Security
Contona uses industry-standard technical and organisational measures to protect data:
- TLS 1.2+ for all data in transit.
- Encryption at rest for image storage (DigitalOcean Spaces server-side encryption) and database backups.
- Role-based access control internally; access logs reviewed.
- Two-factor authentication required for all Contona staff with access to production systems.
- Regular dependency and infrastructure security review.
- Incident response: in the event of a personal data breach that presents a risk to data subjects, we will notify affected merchants and the relevant supervisory authority within 72 hours of discovery, in line with GDPR Article 33.
No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we work continuously to maintain a high standard.
9. Children's privacy
Contona is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact privacy@contona.ai and we will delete it.
10. Automated decision-making and profiling
Contona's image and content generation features use AI models to produce visual and textual content based on merchant inputs. These processes do not produce legal or similarly significant effects on individuals. Contona does not use shopper data for credit-scoring, profiling for material decisions, or any other form of automated decision-making with legal or significant effects.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision.
For material changes that affect how we collect or use personal data, we will notify subscribed merchants by email at least 30 days before the change takes effect, and surface a notice in the Contona dashboard and Shopify embedded app. Continued use of the Service after a change takes effect constitutes acceptance of the revised policy.
12. Contacting us
If you have questions, concerns, or requests under this policy:
Privacy contact: privacy@contona.ai
General support: support@contona.ai
Postal address: [Registered business address — replace before publishing]
If you are based in the EU and would like to contact our EU representative under GDPR Article 27, write to the privacy address above and we will respond with the appointed representative's details.
Appendix A — Quick reference for Shopify reviewers
This section maps Shopify's published privacy-policy requirements (https://shopify.dev/docs/apps/launch/privacy-requirements) to where each requirement is addressed in this document, for ease of review.
| Shopify requirement | Addressed in |
|---|---|
| What information do you collect through Shopify's APIs? | Section 2.1 |
| What information do you collect directly from the merchant? | Section 2.2 |
| What information do you collect from merchants' customers? | Section 2.3 |
| How do you use the information you collect? | Section 3 |
| For how long do you store the data you collect? | Section 5 |
| Are you established in Europe? Are you processing outside Europe? | Section 6 |
| How can merchants contact you? | Section 12 |
| Mandatory GDPR webhooks (customers/data_request, customers/redact, shop/redact) | Section 5.1 |