Data handling
What HYGO Shop stores, why, and how long.
What gets stored
| Category | Examples | Why |
|---|---|---|
| Catalog data | Product titles, descriptions, prices, images, variants, inventory levels | To power AI rewriting + multi-channel publishing |
| Customer data (PII) | Customer name, email, shipping address (when imported from connected stores) | To power abandoned-cart recovery + reorder reminders |
| Order data | Line items, totals, dates, status — line items reference product IDs only | To predict reorder cadence + lifetime value |
| Generated content | AI-written copy, generated images, video assets | Cached so each tenant can reuse and regenerate |
| Adapter tokens | OAuth tokens for Shopify, Amazon, Ayrshare, etc. — encrypted | To call vendor APIs on the tenant's behalf |
| Audit log | Every approve / publish / disconnect action with timestamp + actor | For tenant-side compliance review |
What does NOT get stored
- Card / payment data. Card numbers and CVVs are never read or stored. Payments go through Stripe; HYGO Shop only sees Stripe Customer IDs.
- End-customer DMs or social messages. No vendor DM scope is requested.
- Content of customer email inboxes. We send transactional email; we don't read customer inboxes.
- Followers' private data on social platforms. No "read all followers" scopes are requested.
Retention
- Active data is retained for the lifetime of the tenant's connection.
- Disconnected / deleted data is fully purged within 30 days of the disconnect signal. The 30-day buffer exists so accidental disconnects can be recovered. Immediate-purge requests are honored on demand — email
privacy@hygoshop.com. - Audit log entries are retained for 12 months even after disconnect, then purged. We keep these so compliance reviews can reconstruct what happened.
- Backups roll forward 30 days; a deletion propagates to backups within that window.
Data residency
All canonical data lives in US-region infrastructure (Cloudflare's US edge for Workers + Pages; the Postgres droplet is provisioned in nyc1). EU residency is on the roadmap; contact privacy@hygoshop.com if this is a launch-blocking requirement for your store.
Customer rights (GDPR / CCPA)
- Right of access — request a complete export of your tenant's data via the HYGO Shop dashboard → Settings → Export My Data.
- Right of deletion — disconnect your store + email
privacy@hygoshop.comto request immediate (rather than 30-day) purge. - Right of portability — exports are delivered as JSON + CSV.
- Right of correction — edit data inline in the HYGO Shop dashboard or email
privacy@hygoshop.com.
End-customer rights (your store's customers, not the merchant) are documented at hygoshop.com/data-deletion.
Subprocessors
See hygoshop.com/subprocessors for the current list.
Contact
- General privacy questions:
privacy@hygoshop.com - Security disclosures:
security@hygoshop.com - Data subject requests:
privacy@hygoshop.com