Privacy Policy

Last updated: June 6, 2026 - OpenAI ChatGPTs Ads Pixel CAPI by Comercio Services

This Privacy Policy describes how Comercio Services collects, uses, and protects information when you install or use the OpenAI ChatGPTs Ads Pixel CAPI Shopify app. By installing or using the app, you agree to this Privacy Policy.

1. Introduction

Comercio Services operates OpenAI ChatGPTs Ads Pixel CAPI, a diagnostic helper that lets Shopify merchants check whether an OpenAI/GPTs ads pixel script appears to be present, initialized, and sending expected browser requests from a storefront page. The app is not an official OpenAI app and does not guarantee ad performance, attribution accuracy, conversions, or sales.

2. Information we collect

From the merchant

The app stores the shop domain, Shopify session records, OAuth access token, granted API scopes, and app settings needed to authenticate Shopify requests and run the detector. Settings include report collection status, storefront widget status, widget position, display mode, and captured item limits.

From your store or catalog

The app does not read or modify products, collections, orders, customers, discounts, checkout, or catalog content for its V1 diagnostic workflow. It uses Shopify app proxy access and a theme app extension so merchants can enable the storefront detector without manual theme code edits.

From storefront visitors or customers

The storefront detector observes diagnostic signals only: script tags, OpenAI pixel SDK presence, oaiq calls, requests to bzr.openai.com, detected pixel IDs, debug mode, the __oppref cookie status, known tracking globals, page URL, optional user agent summary, and beacon or call summaries.

Report collection is off by default. If a merchant enables report collection, the app submits only sanitized diagnostic snapshots to the app backend. Before information is shown, copied, or stored, the detector redacts emails, phone numbers, passwords, tokens, secrets, addresses, customer names, customer-like fields, and similar sensitive values. The app does not collect payment details, checkout data, raw customer payloads, or full customer profiles.

3. How we use information

• Authenticate Shopify API and app proxy requests.
• Provide the embedded admin dashboard, setup, reports, and settings.
• Run the storefront diagnostic widget through the theme app extension.
• Create, display, and delete sanitized diagnostic reports if enabled.
• Provide merchant support and troubleshoot detector behavior.
• Comply with Shopify platform, security, and legal obligations.

We do not sell, rent, or share app data for third-party advertising or unrelated marketing.

4. Where data is stored

Shopify session records, app settings, and optional sanitized diagnostic reports are stored in the app database. Merchant-created Shopify resources are not created by this V1 diagnostic workflow. The detector runs in the browser through a Shopify theme app extension and sends report data to the app backend only when report collection is enabled by the merchant.

The app may also process limited operational logs and diagnostics through the app hosting environment. The detector does not call external analytics services and does not send diagnostic reports to OpenAI or other AI providers.

5. Data retention

The app keeps Shopify session records while the app is installed and needed to operate the app. Settings are kept while the app remains installed. If report collection is enabled, the app keeps only the latest 20 diagnostic reports per shop by default. Merchants can delete one report or all reports from the Reports page.

When the app is uninstalled or a shop/redact webhook is processed, the app deletes stored reports, settings, and session records for that shop where legally allowed.

6. Shopify mandatory compliance webhooks

The app is configured to receive Shopify compliance webhook topics: customers/data_request, customers/redact, and shop/redact. Because the app does not store customer personal data, customer data request and customer redact webhooks are acknowledged and no customer data is returned or deleted. For shop/redact, the app deletes stored shop settings, reports, and session records associated with the shop.

7. Your rights

Merchants and eligible individuals may request access, correction, export, deletion, objection, or restriction of personal information where applicable. Contact us at servicescomercio@gmail.com to make a request.

8. Security

The app uses HTTPS, Shopify OAuth token protection, Shopify webhook HMAC verification, access controls, redaction before report storage, and reasonable technical and organizational safeguards. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. Sub-processors

The app relies on Shopify APIs and Shopify app infrastructure to operate inside merchant stores. The app hosting provider and database provider may process session records, settings, logs, and optional sanitized diagnostic reports. Email or support providers may process information you send when requesting help. The app does not send diagnostic reports to an AI provider.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make changes, we will update the Last updated date above. If we make material changes, we may provide notice in the app or by email when supported.

11. Contact us

• Comercio Services
• Nha Trang, VN
• Email: servicescomercio@gmail.com
• Website: https://apps.shopify.com/partners/comercio-services

© 2026 Comercio Services. All rights reserved.