Last Updated: February 1, 2026
Visibility Kit commits to protecting user privacy. This policy outlines how the company collects, uses, discloses, and safeguards information when users access the AI Engine Optimization service.
The platform gathers email addresses and profile details users voluntarily provide. Google OAuth sign-ups result in receipt of name and email from Google.
For Shopify stores, we collect product information including:
For non-Shopify brands, product data is uploaded via CSV or API integration.
We collect performance data including:
Stripe handles payment processing. The service collects encrypted card details and billing addresses. Full payment credentials are not stored by Visibility Kit.
The platform automatically collects interaction data including pages visited, features used, browser type, IP address, and device information.
EEA users' data processing relies on:
Data is shared with:
Personal information is not sold. Disclosure occurs only when legally required or to protect rights.
Data may be transferred to the United States where service providers operate. EEA users benefit from Standard Contractual Clauses and safeguards.
Anonymized or aggregated data may be retained after account deletion.
When you uninstall the VisibilityKit app from your Shopify store, your store data follows this retention path:
shop/redact webhook, we hard-delete all data associated with your store — synced products, audit history, recommendations, competitor lists, prompts, and OAuth session tokens.shop/redactwebhook is never received (e.g. delivery failure), an internal daily job automatically hard-deletes any store still marked as uninstalled past 60 days. No store data persists beyond that window.customers/data_request and customers/redactwebhooks by logging the request and confirming we hold no such data.Reinstalling within the 60-day window restores access to your existing store record. After deletion you start with a fresh sync.
Security measures include:
No transmission method guarantees absolute security.
We acknowledge complaints within 2 working days, resolving within 10 business days. Escalation to India's Data Protection Board available.
The company notifies affected users via email within 72 hours of discovering breaches, per GDPR and DPDPA requirements. Regulatory authorities, including India's Data Protection Board, receive notification where required.
Services are not directed to children under 16. The company does not knowingly collect information from minors.
Updates occur periodically with notification via email or the service. Continued use constitutes acceptance of changes.
Questions or rights exercise requests: support@visibilitykit.app
GDPR inquiries may be directed to local data protection authorities.