Legal

Privacy Policy

Safety Label helps you collect, display and export EU GPSR product-safety data — using only your product catalog and theme. It never reads your orders or customers.

Last updated: July 11, 2026

PCD LEVEL 0

Summary

Safety Label is a Shopify app that audits your products against the EU General Product Safety Regulation (GPSR) required fields, helps you fill any that are missing, and displays them on your storefront. It operates at Protected Customer Data Level 0: it does not request or read orders, customers, or checkouts, and it stores no customer personal data.

Data we collect

Product & safety data

Product titles & descriptions and the safetylabel metafields — read via the Shopify Admin API to audit GPSR completeness, and written back only when you save or approve a change.

Reusable entity records

Manufacturer and EU-Responsible-Person records you create (stored as metaobjects) so one entity can be attached to many products without retyping.

Shop & account data

Your shop domain, app settings, billing/subscription status, audit results, and encrypted Shopify access tokens — the operational data needed to run the app.

Theme embed status

Whether the Safety Label theme app-embed is enabled (read-only, via read_themes), so we can show an honest "displayed on storefront" indicator.

What we never collect

Names, emails, addresses, phone numbers, or any order / line-item data. Safety Label does not request read_orders or read_customers and is structurally unable to read them. It operates no tracking pixel and collects no shopper analytics.

How we use your data

  • Audit each product's GPSR data completeness and produce a prioritized fix list.
  • Draft safety fields from your own product text with AI, for you to review before saving (paid plans).
  • Write the safety data you save or approve to product metafields — all reversible.
  • Render the required safety information on your storefront via the theme app-embed.
  • Operate billing, support, and the app itself.

Content changes & reversibility

Writes go only to the product's safetylabel metafields — never to orders or customers. AI-generated values are always a draft you review before anything is saved, and every write is snapshotted so it can be reverted.

Third parties

  • Shopify — the platform that hosts your store and authorizes the app's Admin API access.
  • Anthropic — used for AI auto-fill, to draft safety fields from your product content only. No orders, customers, or personal data are ever sent to it, and generation runs zero-retention.

We do not sell your data or share it for advertising.

Retention & security

  • Encrypted at rest: Shopify access tokens are stored with AES-256-GCM encryption.
  • Zero-retention AI: the content sent to the generation model and its responses are not logged or retained; only coarse, non-content metadata (token counts, latency) is recorded.
  • Deleted on uninstall: on app uninstall and on a Shopify shop-redaction request, your data is removed. We honor the mandatory GDPR data-request / data-erasure webhooks.

Your rights (GDPR / CCPA)

Depending on where you operate, you may have the right to access, correct, export, or delete the data we hold. Because Safety Label holds no customer personal data, most data-subject requests concern only your merchant account data. To exercise any right, contact us at carcucatalin@gmail.com. We also respond to Shopify's customers/data_request, customers/redact and shop/redact compliance webhooks.

Honesty

The GPSR compliance score measures how complete your product's safety data is — it is not legal advice or a determination that a product is compliant or safe. You are responsible for the accuracy of the data you enter and for meeting your legal obligations.

Contact & support

Questions about this policy or your data? Email us at carcucatalin@gmail.com. We aim to respond within a few business days.