Collaudo — Privacy Policy

Last updated: 20 June 2026

1. Introduction and scope

Collaudo is an embedded Shopify app that lets merchants write — or AI-generate — small automation functions that run against their store, with a mandatory dry run before any change goes live. This policy explains what data we handle when you install and use Collaudo, why, on what legal basis, who we share it with, how long we keep it, and the rights you have.

Our role. For the data inside your Shopify store that an automation reads or writes (products, inventory, and — only if you grant the optional scopes — orders, customers, draft orders, and fulfillments), Collaudo acts as a data processor and you, the merchant, are the data controller. We process that data only on your documented instructions, expressed through the automations you create and run. For the data of our direct relationship with you (your store domain, owner and notification email, billing status, and support correspondence), Collaudo is the controller.

2. Who we are

Collaudo is operated by WMIE S.r.l., Via Dante Alighieri 93, 09128 Cagliari (CA), Italy (VAT IT04014830923). Privacy contact: privacy@wmie.it. Support: support@collaudo.ai and our support page.

3. Information we collect

From the merchant and the install. Your store's myshopify.com domain, the store owner email and an optional notification email, your timezone, and your subscription/plan state.

Created in the app. The automation source code you write or generate, the plain-language descriptions and editor chat you send to the AI assistant, automation settings (schedules, triggers, safety guard), and a per-automation key–value store your automations may use.

Authentication. A Shopify offline access token (and a rotating refresh token) issued at install, held encrypted so the app can call the Shopify Admin API on your behalf. Sign-in uses Shopify App Bridge session tokens — there are no third-party cookies and no browser-stored login.

Run records. Each automation run is logged with its status, timing, structured output, and a mutation report. A run record stores the event that triggered it and the result your function returned. Where an automation is triggered by an order or customer event, or reads order/customer data, these run records may contain incidental customer personal data (such as names, email addresses, shipping addresses, or order details). We do not maintain a separate, customer-indexed database, and we do not collect customer data except as it incidentally appears in these run records. Run records carry a retention limit (see section 9).

What we do not collect. We never receive or store payment-card details (all billing runs through Shopify). We do not place advertising or analytics trackers on the embedded app, and we do not buy or enrich personal data from third parties.

Source of store data (GDPR Art. 14): your Shopify store, accessed through the Shopify Admin API and Shopify webhooks you configure.

4. Access scopes

Collaudo requests the minimum access it needs. At install it requests only read_products, write_products, and read_inventory. Additional scopes are optional and requested contextually — only when an automation or trigger you choose first needs them — and you approve each grant: read/write orders, read/write customers, read draft orders, and read fulfillments. Granting the order and customer scopes means Collaudo may access protected customer data; we apply the safeguards described in section 10.

5. How and why we use data

• Authenticate your install and keep your session valid.
• Generate, edit, and auto-fix automation code with AI assistance.
• Run your automations — dry runs (reads are real; writes are intercepted and reported) and live runs — and store run history and mutation reports so you can audit them.
• Send transactional notifications (e.g. when an automation is auto-paused or a live run first fails).
• Operate, secure, debug, and improve the service.
• Bill your subscription and any AI credit packs through Shopify.

We use your data solely to provide Collaudo to you. We do not sell it, we do not use it for cross-merchant analytics, and — see section 14 — we do not use it to train AI or machine-learning models.

6. Legal bases (GDPR Art. 6)

• Performance of a contract (Art. 6(1)(b)) — to provide the core service you signed up for.
• Legitimate interests (Art. 6(1)(f)) — to secure the service, prevent abuse, debug via run records, and ensure reliability, balanced against your interests.
• Consent (Art. 6(1)(a)) — only where we ask for it, for example optional product communications.

For personal data belonging to your own end customers, you (the controller) determine the legal basis; we process it as your processor.

7. Sharing and subprocessors

We do not sell personal data. We use the following subprocessors:

• Amazon Web Services (AWS) — hosting, compute, storage, and email, in the EU (eu-central-1, Frankfurt). All your store data and run records are stored here.
• Anthropic — AI code generation and editing. Anthropic receives only the text needed for that: your automation description, your editor chat, the code being edited, and our SDK's type context. It does not receive your store, order, or customer records. Anthropic does not use this content to train its models.
• Amazon SES — delivery of transactional email from notifications@collaudo.ai.

Each subprocessor is bound by a data-processing agreement with equivalent protections, and we remain responsible to you for their handling of your data. We will give advance notice of any new subprocessor so you can object. We may also disclose data where required by law.

8. International data transfers

Your store data and run records are stored and processed exclusively in the European Union (AWS eu-central-1), with no cross-region replication. The limited text sent to our AI subprocessor (Anthropic) for code generation — your description, editor messages, and the code being edited, and never your store, order, or customer records — may be processed outside the EEA under appropriate safeguards such as the European Commission's Standard Contractual Clauses.

9. Data retention

• Access tokens and store configuration — for the life of your install.
• Automation code and settings — until you delete the automation or uninstall the app.
• Run records (which may contain incidental customer data) — automatically deleted after up to 90 days.

When you uninstall, Shopify sends us a shop-redaction request (typically 48 hours later) and we erase all data we hold for your store — sessions, tokens, automations, run records, the key–value store, and your owner email — within 30 days, including from logs and backups.

10. Security

We apply appropriate technical and organisational measures (GDPR Art. 32), including: encryption in transit (HTTPS) and at rest (access tokens in a secrets manager; encrypted databases); HMAC verification of every Shopify webhook (invalid signatures are rejected); least-privilege access scopes; isolated, credential-less execution environments for automation code so a function never sees your Shopify token; and EU-only infrastructure. Because the optional order and customer scopes involve protected customer data, we apply the corresponding heightened controls (encrypted backups, environment separation, restricted and logged staff access, and an incident-response process), and we will notify Shopify of a relevant data breach within 24 hours as required. Collaudo's mandatory dry-run barrier is itself a safeguard: no automation can change your store until you have reviewed a report of exactly what it would do.

11. Your rights (GDPR / EEA)

Where Collaudo is the controller, you may request access, rectification, erasure, restriction, objection, and portability, and may withdraw consent at any time. Contact privacy@wmie.it and we will respond within one month. You also have the right to lodge a complaint with a supervisory authority — in Italy, the Garante per la protezione dei dati personali, or your local authority. For data belonging to your end customers, where Collaudo is your processor, we assist you in responding to their requests.

12. California privacy rights (CCPA/CPRA)

In the prior 12 months we have collected these categories of personal information: identifiers (e.g. email), internet/usage activity (run logs), and — incidentally, within run records — customer identifiers your automations process. We do not sell or share personal information, and have not in the prior 12 months. California residents may request to know, delete, and correct their personal information, and are free from discrimination for exercising these rights; we honor recognised opt-out preference signals where applicable. Where we process information on a merchant's behalf we act as a service provider. Submit requests to privacy@wmie.it.

13. Cookies and tracking

The embedded app authenticates with Shopify App Bridge session tokens and does not rely on third-party cookies or browser local storage for login — it works in incognito mode with third-party cookies blocked. We do not run advertising or analytics trackers on the embedded surface.

14. Automated decisions and AI

The AI assistant generates and edits automation code from your instructions. This is an inference step on your non-store text and code; it does not make legally significant automated decisions about individuals. We do not use merchant or customer data (including aggregated or derived data) to train or develop AI or machine-learning models — our use of AI is inference only.

15. Data-subject requests and Shopify webhooks

Collaudo implements and HMAC-verifies the three Shopify compliance webhooks: customers/data_request, customers/redact, and shop/redact. Because we keep no customer-indexed datastore, there is no per-customer record to export or delete on demand; any incidental customer data in run records auto-expires under our retention limit and is fully erased on shop redaction. As the controller of your store's customer data, you fulfil access and deletion requests from your own Shopify records, and we assist as your processor.

16. Payments and billing

All charges — subscriptions and one-time AI credit packs — are processed through the Shopify Billing API. Collaudo never receives or stores your payment-card details.

17. Children's privacy

Collaudo is a business tool and is not directed to children. We do not knowingly collect personal data from anyone under 16 in the EEA (or under the minimum age in your jurisdiction).

18. Changes to this policy

We may update this policy. We will revise the "last updated" date above and, for material changes, notify you in the app or by email. Continued use after the effective date constitutes acceptance.

19. Contact

WMIE S.r.l., Via Dante Alighieri 93, 09128 Cagliari (CA), Italy. Privacy and data-protection enquiries: privacy@wmie.it. For product help, see our support page.