Simlyst

Privacy Policy - Proof

Last updated: 29 June 2026

This Privacy Policy explains how Simlyst ("we", "us", "our") collects, uses, and protects information in connection with Proof, our application for Shopify ("the App"). Proof publishes SEO blog content grounded in a merchant's product catalog and attributes store revenue to that content.

This policy applies to merchants who install the App and to the store data the App processes on their behalf. If you have questions, email us.

1. Who we are

Proof is operated by Simlyst. For the purposes of data protection law, when we process store and customer data on behalf of a merchant, the merchant is the data controller and Simlyst acts as a data processor. For account and billing data relating to the merchant themselves, we act as a controller.

2. Information we collect

When you install and use Proof, we may collect and process:

  • Store and account information - your Shopify store domain, store ID, and the access scopes you grant on installation.
  • Product catalog data - product titles, descriptions, and related catalog details, used to ground generated blog content in your real products.
  • Content data - the blog posts the App generates, schedules, and publishes, including their status and publishing history.
  • Order-level attribution data - order identifiers, order dates, and order totals, used solely to calculate the organic revenue attributed to published content. We do not collect or store customer names, email addresses, phone numbers, or other direct customer identifiers.
  • Search performance data - where you connect Google Search Console, we process impressions, clicks, and related search metrics for your store's content.
  • Billing information - subscription plan and billing status. Payment is handled by Shopify; we do not receive or store your payment card details.
  • Technical and usage data - basic logs needed to operate the App reliably and securely.

3. How we use information

We use the information above to:

  • generate, schedule, and publish blog content grounded in your catalog;
  • calculate and display revenue attributed to your published content;
  • provide search-performance insights where Search Console is connected;
  • operate, maintain, secure, and improve the App;
  • manage your subscription and provide support.

We do not sell your data, and we do not use it for advertising.

4. Legal bases for processing

Where data protection law applies, we rely on the following legal bases: performance of our contract with you to provide the App, our legitimate interests to operate and improve the App securely, your consent where required, such as connecting third-party services, and compliance with legal obligations.

5. Sharing and sub-processors

We share data only as needed to operate the App, with the following sub-processors:

  • [PLACEHOLDER: actual hosting provider] - hosting and infrastructure used to run the App and store data securely.
  • [PLACEHOLDER: actual LLM/content provider] - AI/content-generation services used to generate blog content from catalog inputs.
  • Google Search Console - only where you choose to connect it, to retrieve your store's search performance data.
  • Shopify - the platform on which the App runs and through which billing is processed.

We require our sub-processors to protect data and to use it only to provide services to us. We do not sell personal data to third parties.

6. Data retention and deletion

We retain data only for as long as you have the App installed and as needed to provide the service, or as required by law.

Proof implements Shopify's mandatory data-protection (GDPR) webhooks:

  • Customer data request - if a merchant requests a customer's data on a customer's behalf, we respond with the data we hold. Because Proof does not store direct customer identifiers, the App typically holds no personal customer data to return.
  • Customer redaction - on a redaction request, we remove any data associated with the affected customer. As the App does not store direct customer identifiers, this generally requires no data removal.
  • Shop redaction - when a store uninstalls the App, we permanently delete all data associated with that store, including settings, content records, attribution records, search-connection data, and related logs.

You may uninstall the App at any time from your Shopify admin, which triggers deletion of your store's data as described above.

7. Data security

We use technical and organizational measures to protect data, including verifying the authenticity of all incoming webhooks, restricting access to data, and securing data in transit and at rest. No method of transmission or storage is completely secure, but we work to protect your information using industry-standard practices.

8. International transfers

Your data may be processed in countries other than your own. Where we transfer data internationally, we take steps to ensure it is protected in line with applicable data protection law.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal data, and to object to certain processing or request portability. To exercise these rights, email us. Where Simlyst processes data on a merchant's behalf, requests from a merchant's customers should be directed to the merchant.

10. Children's privacy

The App is intended for use by businesses and is not directed to children. We do not knowingly collect personal data from children.

11. Changes to this policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date above. Material changes will be communicated through the App or by other reasonable means.

12. Contact us

If you have any questions about this Privacy Policy or how we handle data, email us.