Safefield

Privacy Policy

Last updated: 20 April 2026

This Privacy Policy describes how Safefield (“we”, “us”, “the app”) collects, processes, and stores data when a Shopify merchant installs and uses the app. Safefield is operated by Michal Bajcar, a sole trader based in Prague, Czech Republic (EU).

1. What we collect

When you install Safefield on your Shopify store, we receive and store:

  • Your shop domain (e.g. your-store.myshopify.com) and the OAuth access token Shopify issues to the app, so we can call the Admin API on your behalf.
  • Product data we need to perform GPSR extraction: product titles, descriptions, product types, tags, vendor, options, and featured image URLs. We only read products from your store; we do not read customers, orders, inventory, or any other objects.
  • Extraction results — the structured GPSR fields Claude AI returns (manufacturer, warnings, safety instructions, CE directives, material composition, etc.) plus per-field and overall confidence scores.
  • Merchant settings you configure in the app: default manufacturer, default EU Responsible Person, default languages.
  • Billing state — the Shopify AppSubscription ID associated with your shop (if you subscribe to a paid plan).

We do not collect customer personal data from your store. We do not read orders, carts, customer records, checkouts, or any personally identifiable information about your shoppers.

2. How we process product data

To extract GPSR-required fields from your product listings, we send selected product data (title, description with HTML stripped, product type, tags, vendor, options, featured image URL) to Anthropic PBC via the Claude API. Anthropic processes the data to generate the structured GPSR output and does not use Safefield customer data to train its models (see Anthropic’s privacy policy).

We cache extraction inputs as a SHA-256 hash so that re-running extraction on an unchanged product returns the cached result instead of a new API call. Cached entries expire after 7 days.

3. Where data is stored

All merchant and extraction data is stored in a PostgreSQL database hosted on Railway in the europe-west4 (Amsterdam, EU) region. The application itself also runs on Railway europe-west4. DNS and the CDN in front of safefield.app are provided by Cloudflare, which may route traffic through Cloudflare edges worldwide while terminating TLS within the EU when possible.

4. Data retention

  • Extraction records remain in our database until you delete them by re-editing the product in Shopify (our products/update webhook clears the stored extraction and the metafields on the product) or until you uninstall the app.
  • Cached extraction hashes expire after 7 days.
  • Shop records and sessions are deleted within 48 hours of uninstall, in line with Shopify’s shop/redact webhook.

5. Third-party processors

We use the following sub-processors to operate Safefield:

  • Anthropic PBC — Claude AI extraction (product data processing).
  • Railway Corporation — application hosting and database (EU region).
  • Cloudflare Inc. — DNS, TLS, and edge caching for safefield.app.
  • Resend — transactional email (for support replies and compliance notifications).
  • Shopify Inc. — the platform on which Safefield operates.

6. Your GDPR rights

If you are a merchant based in the EU/EEA or UK, you have the right to access, rectify, erase, restrict processing of, and port your data under the GDPR. You can exercise these rights by emailing [email protected]. We will respond within 30 days.

You can also uninstall the app at any time from your Shopify admin; all shop-scoped data is deleted within 48 hours via the shop/redact webhook.

7. We do not sell data

We do not sell, rent, or trade merchant data with third parties. Product data is shared only with Anthropic for the purpose of GPSR extraction, as described above. We do not use your data to train any models.

8. Cookies

The Safefield admin app runs as an embedded Shopify app and does not set its own cookies. Shopify may set session cookies in the admin context to support authentication; these are governed by Shopify’s privacy policy. Our public marketing pages (homepage, FAQ, privacy, terms, support) do not set tracking cookies.

9. Data subject requests via Shopify

Safefield implements the three mandatory Shopify compliance webhooks:

  • customers/data_request — acknowledged with a 200 response; Safefield does not store customer data.
  • customers/redact — acknowledged with a 200 response; Safefield does not store customer data.
  • shop/redact — deletes all shop-scoped data (Shop record, Extraction records, Sessions) in a database transaction.

10. Security

OAuth access tokens and all merchant data are stored encrypted at rest by Railway Postgres. Transport security is provided by TLS. HMAC signatures are verified on every Shopify webhook before the request is processed. We do not store any payment information — billing is handled entirely by Shopify’s AppSubscription API.

11. Changes to this policy

We may update this policy as the app evolves. The “Last updated” date above reflects the most recent change. For material changes we will notify merchants via email (to the shop owner address on file with Shopify) before the changes take effect.

12. Contact

For privacy questions, data subject requests, or any other inquiry, email [email protected].