Privacy policy for the sichtbar GEO/SEO Shopify app.
This policy covers the sichtbar GEO/SEO Shopify app, an embedded Shopify admin app operated by getSichtbar GmbH. It explains what data the app processes when a merchant installs and uses it. Last updated: July 2026.
Controller
The controller responsible for data processing is:
getSichtbar GmbH
Rudolf-Diesel-Straße 22
73760 Ostfildern
Germany
Managing director: Felix-Sebastian Ament
E-mail: felix@getsichtbar.com
A data protection officer is currently not appointed. Privacy inquiries go to the e-mail address above.
What the app processes
The app processes the merchant's shop data — in particular products, collections, pages, blog articles and the status of the theme embed — to run GEO/SEO audits and generate AI content suggestions. Suggestions only take effect once the merchant reviews and applies them in the app. Legal bases are Art. 6(1)(b) GDPR and Art. 28 GDPR, insofar as we process shop data on the merchant's behalf.
To generate content suggestions we use AI language-model providers as processors under data-processing agreements. Product, collection, page and blog text of the shop is transmitted for generation. The current list of AI providers, recipients and third-country transfers is maintained in our German privacy policy.
Protected customer data (pending Shopify approval, currently inactive)
For extended analytics features, getSichtbar has requested access to protected customer data from Shopify. These features remain inactive until Shopify grants approval. Planned are, first, order data (order totals, refunds, attribution of orders to optimized content) for revenue attribution — buyer names, e-mail addresses or postal addresses of end customers are not surfaced in the app — and, second, a first-party web pixel that collects storefront events such as page views and purchases solely for the respective merchant's analytics. There is no advertising, no cross-site tracking and no sale of data.
Retention and security
Attribution data derived from orders is stored for at most 12 months from the order date and then deleted automatically; raw pixel events are deleted after 30 days. Pixel session identifiers are hashed before storage. All data is encrypted in transit (TLS) and encrypted at rest by our hosting providers; Shopify API access tokens are additionally encrypted at the application layer. Processing runs on our hosting and infrastructure providers under data-processing agreements (see the German privacy policy for the provider list and third-country transfer details).
Optional Google connections
Merchants can optionally connect Google Analytics 4 via OAuth directly in the app; the app requests only the read-only Google Analytics scope (analytics.readonly), and the merchant can revoke the connection at any time. The app has no Search Console connect flow of its own: where the merchant's organization has already connected Google Search Console through the getSichtbar platform, the app only reads search-performance reporting data from that existing connection.
Uninstall, GDPR webhooks and deletion requests
Upon app uninstall, shop data is deleted via Shopify's GDPR redaction webhooks (shop/redact and customers/redact). Data-access requests arriving via the customers/data_request webhook are handled by us within the statutory periods. Merchants can also request deletion at any time by e-mailing felix@getsichtbar.com.
Data subject rights
Under the GDPR, data subjects have the rights to access, rectification, erasure, restriction of processing, data portability and objection, as well as the right to lodge a complaint with a supervisory authority. Requests go to felix@getsichtbar.com. Details on rights, recipients, retention and international transfers are set out in the agency-wide German privacy policy, which is the authoritative version for getSichtbar GmbH.
Support for the app is available at www.getsichtbar.com/shopify/support.