Privacy Policy

The data controller is Waël Bendou, operating Modifea (Modify), 2 rue Étienne Dolet, Romans-sur-Isère, France. This policy explains what personal data we collect, why, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR).

• Account data — your email address and a user identifier, via our authentication provider (Clerk).
• Shopify store data — your store domain, an OAuth access token, and store content read to run audits and apply fixes (products, themes, orders metadata).
• Billing data — subscription status and customer identifier managed by Stripe. We never store your card number.
• Usage & browsing data — technical logs and limited analytics needed to operate and secure the service.

• Provide the service: connect your store, run audits, apply and roll back fixes, report results.
• Manage your account, subscription and billing.
• Send service and report emails.
• Secure the service, prevent abuse and comply with our legal obligations.

• Performance of a contract — to deliver the service you subscribed to.
• Legitimate interest — to secure, maintain and improve the service.
• Legal obligation — to keep accounting and billing records.
• Consent — for any optional analytics cookies (see our Cookie Policy).

We keep account and store data for as long as your account is active. After you delete your account or disconnect your store, associated data is deleted within a reasonable period, except where we must retain billing records to meet legal obligations (typically up to 10 years for accounting documents under French law).

We share data only with the processors strictly necessary to run the service:

• Shopify — store connection and data source for audits and fixes.
• Stripe — payment and subscription management.
• Clerk — authentication and account management.
• Supabase — database and storage hosting.
• Anthropic — AI generation of content and recommendations (Claude).
• Resend — transactional and report emails.
• Vercel — application hosting.

Some of these providers may process data outside the EU; in that case, transfers are governed by appropriate safeguards such as the EU Standard Contractual Clauses. We do not sell your personal data.

Under the GDPR, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (right to be forgotten).
• Restrict or object to certain processing.
• Data portability — receive your data in a structured, machine-readable format.

To exercise these rights, contact our Data Protection contact at wael@modifea.com. You may also lodge a complaint with the French supervisory authority (CNIL).

Modify uses essential cookies required for authentication and session management, and may use optional analytics cookies subject to your consent. Full details are available in our Cookie Policy.

We apply reasonable technical and organisational measures to protect your data, including encryption in transit and access controls. No method of transmission or storage is completely secure, but we work to protect your information against unauthorised access.

For any question relating to your data: wael@modifea.com.