Privacy Policy

1. Information We Collect

1.1 Account Information

When you sign up, we collect:

• Email address: For account authentication, login, and communication
• Password: Securely hashed (we never store plain-text passwords)
• Shop name (optional): To personalize your dashboard
• Shop URL (optional): To help you organize your account
• Account metadata: Registration date, last login, email verification status

1.2 Content You Upload

To provide search services, we store:

• Product/post data: Titles, descriptions, URLs, categories, tags
• Custom attributes: Any metadata you sync (SKU, price, stock status for WooCommerce)
• Vector embeddings: AI-generated semantic representations of your content

You own your content. We only process it to provide search functionality. You can delete it anytime.

1.3 Search & Usage Data

To improve the service and provide analytics:

• Search queries: What your users search for
• Search results: Which results were returned
• API requests: Number of API calls, endpoints used, response times
• Usage statistics: Number of records, searches per month, active features

Search logs are retained for 90 days, then aggregated and anonymized for analytics.

1.4 Technical Information

For security and service operation:

• IP address: Temporarily for rate limiting and abuse prevention (not stored long-term)
• Browser/device info: Only in server logs for debugging
• Cookies: Session cookies for authentication (see Section 5 below)

1.5 Payment Information

For paid plans:

• Payment data: Processed by a PCI-DSS compliant payment processor
• We do NOT store: Credit card numbers, CVV codes, or full payment details
• We store: Payment processor customer ID, subscription status, plan type, billing dates

Your payment information is handled securely by our payment processor and subject to their privacy policy.

1.6 WordPress Plugin Analytics (Anonymous)

When you install our WordPress plugin, we automatically collect anonymous usage data to improve the product. This happens before you create a Queryra account.

Data collected:

• Random installation ID (UUID) - not linked to you personally
• Plugin events (activated, wizard opened, setup completed, sync completed)
• Environment type (local, staging, or production)
• WordPress and PHP version
• Plugin version
• Whether WooCommerce is active
• Content counts (number of posts, pages, products)

What we DON'T collect:

• Your IP address
• Your domain name, site URL, or site name
• Any personal information
• Your actual content (product names, post titles)

Legal basis (GDPR): Legitimate interest (Article 6.1.f). Data is fully anonymous and cannot identify you.

Retention: 12 months, then deleted.

Opting out: Add this line to your wp-config.php file:

1.7 Plugin Deactivation Feedback (Optional)

When you deactivate the Queryra WordPress plugin, you may be shown an optional feedback survey. If you choose to submit feedback, the following data is collected:

Data collected (only if you click "Submit"):

• Deactivation reason (selected from predefined options)
• Optional comment (if you choose to provide one)
• Site URL
• Plugin version and WordPress version
• Date of deactivation

What we DON'T collect:

• Your email address or any personal contact information
• Your name or company name
• Any content from your website

Purpose: To understand why users leave and improve our product. This data is never used for marketing or outreach.

Legal basis (GDPR): Consent (Article 6.1.a) — submitting feedback is entirely voluntary. You can skip the survey by clicking "Skip & Deactivate".

Retention: 12 months, then deleted.

1.8 Shopify App Integration

When you install and use the Queryra Shopify app, we collect and process the following data:

Data we collect from your Shopify store:

• Store URL and store name
• Product catalog data: titles, descriptions, prices, images, tags, vendor, product type, SKU, and inventory status
• Queryra API key (stored securely to authenticate requests)

Data we do NOT collect:

• Customer personal information (names, emails, addresses)
• Order or transaction data
• Payment or billing information from your store
• Browser or tracking data from your store's visitors

How we use Shopify store data:

• Product data is indexed in our database to power AI-powered semantic search on your storefront
• Search queries from your storefront visitors are processed to return relevant results (queries are logged anonymously for 90 days)
• Store URL is used to identify your account and route search requests

Real-time synchronization:

• When you add, update, or delete products in Shopify, changes are automatically synced to Queryra via webhooks
• Products set to "draft" or "archived" status are automatically removed from search results

Data deletion:

• On app uninstall, all session data is deleted immediately
• Within 48 hours of uninstall, all store settings and associated data are permanently deleted via Shopify's mandatory shop/redact webhook
• You can request full data deletion at any time by contacting contact@queryra.com

Permissions (API scopes):

• read_products — to read your product catalog for search indexing
• write_products — to support future product management features

2. How We Use Your Data

2.1 Service Provision

We use your data to:

• Provide semantic search functionality (indexing, querying, results)
• Authenticate your account and API requests
• Display your dashboard and analytics
• Sync content from WordPress/WooCommerce automatically
• Generate search embeddings with AI models

2.2 Communication

We send transactional emails only (no marketing):

• Email verification after signup
• Password reset links
• Important service updates (Terms changes, security notifications)
• Billing notifications (payment success, failure, renewal reminders)

You cannot opt-out of transactional emails (they're required for service operation).

2.3 Analytics & Improvement

We use aggregated, anonymized data to:

• Understand search quality and relevance
• Identify popular features and usage patterns
• Improve AI models and search algorithms
• Debug errors and optimize performance

We do NOT use your individual data for training AI models. Our models are pre-trained on general datasets.

2.4 Legal Compliance

We may use or disclose data when required by law:

• Responding to valid legal requests (subpoenas, court orders)
• Protecting our rights, property, or safety
• Preventing fraud or abuse
• Complying with GDPR, tax laws, and regulations

3. Data Storage & Security

3.1 Where We Store Data

Your data is stored securely in:

• Relational database: Account info, API keys, usage stats (encrypted at rest)
• Vector database: Content embeddings for semantic search
• Servers: Located in the European Union

3.2 Security Measures

We protect your data with:

• Encryption in transit: All connections use HTTPS/TLS
• Encryption at rest: Database files are encrypted
• Password security: Industry-standard hashing with salt
• API key security: Keys are hashed and rate-limited
• Access control: Limited admin access with 2FA
• Regular backups: Automated daily backups (retained 30 days)

3.3 Data Breach Notification

In the unlikely event of a data breach:

• We'll notify affected users within 72 hours (GDPR requirement)
• We'll report to relevant authorities as required
• We'll provide details on what data was affected and steps to protect yourself

4. Third-Party Services

4.1 Payment Processing

We use a third-party payment processor to handle all payments:

• PCI-DSS compliant (industry security standard for payment processing)
• Handles credit card processing securely
• We receive only: Customer ID, payment status, plan type
• Your payment data is subject to the processor's privacy policy

4.2 Email Delivery

We use an email service provider to send transactional emails. They only process email addresses and message content necessary for delivery.

4.3 What We DON'T Share

We never:

• Sell your data to third parties
• Share your data with advertisers
• Use your data for marketing or profiling
• Provide your data to data brokers

5. Cookies & Tracking

5.1 Essential Cookies (No Consent Required)

These cookies are strictly necessary for the service to function and do not require consent:

• Authentication token: Keeps you logged in (stored in localStorage)
• Session cookies: Maintains your session state
• Cookie consent choice: Remembers your cookie preferences

These cookies work even if you reject optional cookies. Without them, you couldn't log in or use the service.

5.2 Optional Analytics Cookies (Consent Required)

With your explicit consent, we use:

• Analytics: Helps us understand how users interact with our site
• Purpose: Improve user experience, identify bugs, understand feature usage
• Data collected: Page views, time on site, browser type, referrer URL
• Strict opt-in: Analytics do NOT load until you click "Accept" - GDPR compliant
• Your control: You can accept or reject these via our cookie banner

5.3 What We DON'T Use

We do NOT use:

• Advertising cookies or remarketing pixels
• Third-party tracking pixels (Facebook Pixel, etc.)
• Cross-site tracking or data brokers
• Selling or sharing data with advertisers

5.4 Managing Your Cookie Preferences

You have full control over optional cookies:

• Cookie banner: Choose "Accept" or "Reject" when you first visit
• Change anytime: Clear your browser's localStorage for queryra.com and refresh - banner will reappear
• Browser settings: You can also block cookies entirely in your browser

Important: Rejecting optional cookies does NOT affect your ability to use Queryra. You can still sign up, log in, use search, and access all features.

6. Your Rights (GDPR)

Under GDPR (and similar laws like CCPA), you have these rights:

6.1 Right to Access

You can request a copy of all data we hold about you:

• Email us at contact@queryra.com
• We'll provide data in JSON format within 30 days
• Future: Self-service "Download My Data" button in dashboard

6.2 Right to Rectification

You can update inaccurate data:

• Edit email, shop name, shop URL in your dashboard settings
• Update or delete indexed content via dashboard or WordPress plugin

6.3 Right to Erasure ("Right to be Forgotten")

To request account deletion, email us at contact@queryra.com from your registered email address.

Process:

• Send deletion request from your account email
• We'll send a confirmation link to verify your identity
• Click the confirmation link within 24 hours
• All data will be permanently deleted within 30 days (including backups)

Note: Deletion cannot be undone. Make sure to export any data you want to keep before requesting deletion.

6.4 Right to Portability

You can export your data:

• Request a data export (see 6.1 above)
• Receive data in JSON format for transfer to another service

6.5 Right to Object

You can object to data processing:

• Email us to opt-out of specific processing activities
• Note: Some processing is required to provide the service

6.6 Right to Withdraw Consent

You can withdraw consent anytime:

• Cancel your account (see 6.3 above)
• Delete your API keys to stop data collection

6.7 Right to Complain

If you're unhappy with how we handle your data:

• Contact us first: contact@queryra.com
• File a complaint with your local data protection authority

7. Data Retention & Deletion

7.1 Active Accounts

While your account is active:

• Account data: Retained indefinitely (until you delete account)
• Content data: Retained until you delete it
• Search logs: Retained 90 days, then aggregated/anonymized

7.2 Deleted Accounts

When you delete your account:

• Immediate: Account marked as deleted, search stops working
• Within 30 days: All personal data permanently deleted
• Backups: Overwritten after 30-day retention period
• Aggregated stats: May be retained (anonymized, no personal identifiers)

7.3 Inactive Accounts

If your account is inactive (no login, no API usage) for 2+ years:

• We'll email you to confirm you still want to keep the account
• If no response within 60 days, we may delete the account and data

8. International Data Transfers

8.1 EU Users

If you're in the EU:

• We comply with GDPR requirements for data transfers
• Data is protected by Standard Contractual Clauses (SCCs) where applicable

8.2 Global Availability

Queryra is available worldwide. By using the Service, you consent to data transfer to our servers.

9. Children's Privacy

Queryra is not intended for users under 18 years old:

• We do not knowingly collect data from minors
• If we discover a user is under 18, we'll delete their account
• Parents: Contact us at contact@queryra.com if your child created an account

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time:

• Minor changes: Updated "Last Updated" date, posted here
• Major changes: Email notification 30 days in advance

Continued use of the Service after changes means you accept the updated policy. If you don't agree, delete your account before changes take effect.

11. Contact Us

Questions about this Privacy Policy? Data requests?

• Email: contact@queryra.com
• Company: Queryra by Gronix
• Address: Poland
• Response time: Usually within 24-48 hours, GDPR requests within 30 days