Privacy Policy

Last updated: April 29, 2026

Duxly Translate ("the App") is developed and operated by Duxly (support@duxly.nl), based in the Netherlands. This policy describes how we collect, use, and protect your data when you install and use the App on your Shopify store.

1. What data we collect

When you install the App, we collect:

• Shop domain — your *.myshopify.com address, used to identify your store and communicate with the Shopify API.
• Shopify access token — an OAuth token that grants the App permission to read and write product data, translations, and locale settings on your behalf. This token is stored encrypted in AWS Systems Manager Parameter Store.
• Product content — product titles, descriptions, and other translatable fields are read at translation time, sent to the configured translation engine (DeepL or OpenAI), and the resulting translations are written back to Shopify via the Translations API. We do not store product content after translation.
• Translation configuration — your preferred translation engine, source and target languages, glossary terms, and plan selection are stored in AWS DynamoDB.
• Usage metrics — we track the number of products translated per month for billing and plan-limit enforcement.

2. What we do NOT collect

• We do not collect customer data (names, emails, addresses, payment information, or order details).
• We do not use cookies or tracking scripts.
• We do not sell or share your data with third parties for marketing purposes.

3. Third-party services

Product content is sent to the translation engine you select:

• DeepL (privacy policy)
• OpenAI (privacy policy)

These services process text solely for the purpose of translation. We recommend reviewing their privacy policies for details on how they handle data.

4. Data storage and security

• Access tokens are stored as encrypted SecureString parameters in AWS Systems Manager (SSM) in the eu-central-1 (Frankfurt) region.
• Configuration data is stored in AWS DynamoDB in the same region.
• All communication between the App and Shopify, and between the App and translation engines, uses HTTPS/TLS encryption in transit.
• Access to AWS resources is restricted via IAM policies following the principle of least privilege.

5. Data retention and deletion

When you uninstall the App:

• Your Shopify access token is deleted from AWS SSM immediately.
• Your configuration and usage data are deleted from DynamoDB.
• Shopify sends us a shop/redact webhook, and we delete any remaining data associated with your shop within 48 hours.

You can also request data deletion at any time by contacting us at support@duxly.nl.

6. Your rights

Under the GDPR, you have the right to:

• Request access to the data we hold about your store.
• Request correction of inaccurate data.
• Request deletion of your data.
• Withdraw consent for data processing.

To exercise any of these rights, contact us at support@duxly.nl.

7. Changes to this policy

We may update this policy from time to time. Changes will be reflected on this page with an updated "Last updated" date.

8. Contact

If you have questions about this privacy policy, contact us at:
Duxly
Email: support@duxly.nl