Blustar
LEGAL

Privacy Policy

Last updated: May 16, 2026

Blustar (“we”, “us”) provides an AI assistant that helps Shopify merchants edit their store through natural-language chat. This policy explains what data we collect when you install Blustar, why we collect it, how long we keep it, who we share it with, and how you can delete it.

Blustar is a data processor on behalf of the merchant for any visitor data captured through optional analytics integrations (see section 3). The merchant is the data controller for that visitor data and is responsible for surfacing this policy (or an equivalent disclosure) to their own customers.

1. What we collect from merchants

When you install Blustar and connect your Shopify store, we collect:

  • Shop identification: shop domain (e.g. myshop.myshopify.com), shop email, plan name, currency, primary locale.
  • OAuth access token issued by Shopify, stored encrypted at rest. Used only to call the Shopify Admin API on your behalf.
  • Catalogue + theme data: products, collections, pages, theme files, templates, theme settings — read and (when you instruct us) written.
  • Chat history: the prompts you send Blustar, the assistant’s replies, and the tool calls it made. Retained so you can revisit past conversations.
  • Brand kit + memories you provide explicitly: brand voice, audience description, flagship products, “remember this for next time” notes.
  • Billing: subscription plan, monthly usage, top-up balance — needed to operate the credit system.

We do not collect personally identifiable information about your customers from the Shopify Admin API beyond what is strictly required to fulfil your instructions (e.g. order analytics for revenue attribution). We do not access customer payment card data, ever.

2. What we collect from visitors of your store (optional)

If you enable the CRO Insights module, Blustar provisions a PostHog project linked to your shop and injects a tracking snippet into your storefront theme. PostHog then records, on your shop’s behalf:

  • Pageviews, click events, rage clicks, scroll depth, and session timing.
  • Optionally, screen recordings of anonymous visitor sessions.
  • An anonymous PostHog distinct ID; no IPs are stored by default (PostHog client SDK strips them before transmission).

Because this data is captured on YOUR storefront, the merchant is the data controller and must update their own shop’s privacy policy to mention PostHog analytics. Blustar will refuse to activate the CRO module unless the merchant explicitly confirms this in the dashboard. The module can be uninstalled at any time, which removes the snippet from theme.liquid.

3. Sub-processors

Blustar relies on the following sub-processors. Each is bound by their own DPA and processes data on documented instructions only:

  • Anthropic (Claude models) — chat reasoning, content generation. US-based, SOC 2 Type II. Data is not used to train models.
  • Google Gemini (vision + cheaper text routing) — image analysis, design specs, deterministic JSON extraction. Data is not used to train Gemini when accessed via the paid API.
  • Replicate + fal.ai — image and video generation when you explicitly request it.
  • PostHog (EU region by default) — analytics + recordings for the optional CRO module.
  • Groq — cheap text rewriting on bulk operations.
  • Cloud infrastructure provider — hosting the Blustar backend (region: EU).

A current list with addresses and DPAs is available on request: privacy@blustar.app.

4. How we use your data

  • To execute the actions you request through chat (edit a theme, generate a section, rewrite a product description, etc.).
  • To run the credit + billing system.
  • To diagnose bugs and improve the product, using aggregated, non-identifying telemetry.
  • To send service-related emails (billing receipts, important changes to this policy).

We do not sell your data. We do not use your store content or your customers’ data to train AI models. We do not share your data with advertising networks.

5. Data retention

  • While your subscription is active: shop config + chat history retained.
  • After uninstall: Shopify fires the app/uninstalled webhook. We immediately pause all scheduled tasks and mark the subscription cancelled. Your data is retained for 30 days in case you reinstall.
  • 48 hours after uninstall: Shopify fires shop/redact. We purge all shop data including chat history, brand kit, memories, and the OAuth token.
  • Customer redaction (Shopify customers/redact webhook): when a Shopify customer requests deletion, we purge any analytics records keyed to that customer. Most Blustar data has no customer-level PII to redact.

6. Your rights under GDPR / CCPA

If you are in the EU/UK (GDPR) or California (CCPA), you have the right to:

  • Access the personal data we hold about you (request via privacy@blustar.app).
  • Request correction or deletion of your data.
  • Object to processing or request restriction.
  • Data portability — receive your data in a machine-readable format.
  • Lodge a complaint with your local data protection authority.

Shopify also exposes standard GDPR webhooks that we honour automatically: customers/data_request, customers/redact, and shop/redact.

7. Security

Access tokens are encrypted at rest. All HTTP traffic uses TLS 1.2+. Shopify webhooks are verified with HMAC-SHA256 (timing-safe comparison). Admin endpoints require a bearer token with rate limiting. We do not log access tokens or chat content in production logs.

8. Children

Blustar is not directed at children under 16. We do not knowingly collect data from minors.

9. Changes to this policy

If we make material changes, we will email you at least 14 days before they take effect and update the “Last updated” date above. Continued use after the change constitutes acceptance.

10. Contact

Questions, complaints, or data requests: privacy@blustar.app. For Shopify-related billing or technical support: support@blustar.app.