Privacy Policy

Last updated: April 15, 2026

1. Who We Are

Xyle is a product of NavyaAI ("we", "us", "our"). This policy explains how we collect, use, and protect information when you use xyle.app, our Shopify app, and related services.

2. Information We Collect

Account information

  • Name and email address (via Google or GitHub sign-in)
  • Profile picture from your authentication provider

Shopify store data

  • Store domain, name, and plan information
  • Product titles, descriptions, images, and metafields
  • Page and blog article content
  • Theme file contents (for structured data injection)
  • Redirect URLs

We access this data through Shopify's Admin API using OAuth tokens that you explicitly authorize. We only request scopes necessary for the features you use.

Usage data

  • Pages visited and features used within Xyle
  • Scan results and fix history
  • IP address and browser information (for rate limiting and security)

3. How We Use Your Information

  • To scan your Shopify store for SEO and AI visibility issues
  • To generate and apply fixes to your store content
  • To display scan results, scores, and recommendations
  • To authenticate you and manage your account
  • To enforce rate limits and prevent abuse
  • To improve our services and fix bugs

4. Data Sharing

We do not sell your personal information or store data. We share data only in the following cases:

  • AI providers — We send store content (product descriptions, page text) to AI language models to generate fix suggestions. This data is processed ephemerally and not stored by the AI provider.
  • Infrastructure providers — We use Vercel (hosting), Neon (database), and Trigger.dev (background jobs) to operate the service.
  • Legal requirements — If required by law, subpoena, or legal process.

5. Data Storage and Security

  • Data is stored in encrypted databases hosted in the United States.
  • Shopify access tokens are stored securely and refreshed automatically. We use expiring tokens with refresh token rotation.
  • All connections to our services use HTTPS/TLS encryption.
  • We implement rate limiting, input validation, and access controls to protect against unauthorized access.

6. Data Retention

We retain your account data and scan history for as long as your account is active. Shopify store data (products, pages, themes) is fetched on-demand during scans and not permanently cached. Fix changesets and their history are retained so you can review and roll back changes.

You can request deletion of your account and all associated data by emailing support@navyaai.com.

7. Shopify App Permissions

When you connect a Shopify store, we request the following OAuth scopes:

  • read_products, write_products — To read and optimize product content
  • read_content, write_content — To read and optimize pages and blog articles
  • read_themes, write_themes — To read theme files and inject structured data

You can revoke access at any time from your Shopify admin under Settings → Apps and sales channels.

8. Cookies

We use essential cookies only — for session authentication and OAuth state validation. We do not use advertising or tracking cookies.

9. Your Rights

You have the right to:

  • Access the data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Revoke Shopify store access at any time
  • Export your scan history and fix records

To exercise any of these rights, contact us at support@navyaai.com.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this privacy policy or our data practices, contact us: