Privacy policy
Effective: [DATE] · Last updated: [DATE]
Who we are
[LEGAL ENTITY] operates Descriva, a Shopify app published under the lunalink.ai brand. This policy explains what data Descriva accesses, why, and how it's handled. Questions: hello@lunalink.ai.
What Descriva accesses (Shopify permissions)
- Write products — to publish the descriptions, SEO titles, meta descriptions, handles, and tags it generates back to your products, when you choose to publish.
Descriva does not request access to customers, orders, payments, or store financial data.
What we store
In Descriva's database we keep: your shop domain and session; your settings (including the brand-voice profile and target keywords you provide, and your tone/length defaults); monthly usage counts (to enforce plan limits); your generation history (the description and SEO text produced, by product, for the review-and-restore feature); bulk-job records and their results; any support conversations you start in-app; and your billing state (plan and trial status). Image analysis is stateless — an image is sent to the AI provider per request and is not stored by Descriva.
What we do not collect
Descriva does not collect or store your customers' personal information — no names, emails, addresses, or order history. It works only with your product content and the settings you provide.
AI processing
Descriva uses OpenAI to generate descriptions, SEO, and (on higher plans) to analyse product images. What's sent is your product content, your brand-voice profile, your target keywords, and product images you choose to analyse — never customer data. OpenAI does not use this data to train its models (standard API terms). Model tiers: Starter uses a smaller model; Pro and Scale use a larger model, including for image analysis.
Sub-processors
Descriva shares data with these providers only as needed to operate:
| Provider | Purpose |
|---|---|
| Render | Application hosting, background workers, and managed PostgreSQL (US). |
| OpenAI | Description, SEO, and image-analysis generation. |
| Resend | Transactional email (welcome, usage alerts, bulk-completion, support, trial reminders). |
| PostHog | Product analytics (shop domain only, no customer data), if enabled. |
| Sentry | Error monitoring (no customer data), if enabled. |
| Shopify | The platform Descriva runs on; Shopify handles billing. |
Data retention
Generation history is kept for 90 days by default (you can change this in settings); after that it's archived and then deleted. Bulk-job records are kept for 30 days by default, then archived and deleted. Sessions are cleared when you uninstall. When you uninstall, we process Shopify's shop/redact request (sent about 48 hours later): we clear your session and usage records. [Confirm whether generation history and settings are hard-deleted at this point or retained in an archived state, and state that here — see README open item #4.]
Your rights and data deletion
You can request access to or deletion of data we hold. Because Descriva stores no customer personal data, Shopify's customers/data_request and customers/redact webhooks have nothing customer-related to return or erase, and we respond accordingly; shop/redact removes your shop's data as described above. To make a request directly, email hello@lunalink.ai.
Data location and security
Descriva's data is stored in the United States on Render infrastructure, encrypted at rest and in transit. Access is limited to the running application and the maintainers who operate it.
Billing
Billing is handled by Shopify. Descriva does not see or store your payment-card details.
Changes
We'll post any changes to this policy on this page and update the date above.