Privacy Policy

LumaBeacon · Last updated June 27, 2026

LumaBeacon (“the app”, “we”, “us”) generates a machine-readable AI layer for Shopify stores — a structured product catalog (llms.txt), an AI sitemap, and per-product agentic pages — so that AI assistants and crawlers can discover and accurately describe a merchant’s products. This policy explains what data the app handles and how.

Data we collect and store

When a merchant installs LumaBeacon, the app stores:

• Shopify session data — access tokens and shop identifiers required to authenticate with the Shopify Admin API.
• Store configuration — per-shop settings such as the selected plan and the “Block all AI” toggle.
• Product-derived content — generated agentic page content built from your public product catalog (titles, descriptions, prices, inventory, handles).
• AI crawler access logs — the user agent and request path of AI agents that fetch the public AI layer, used for analytics. These logs do not contain end-customer personal data.

Customer personal data

LumaBeacon does not collect, request, or store any personal data about your store’s customers. The app operates only on product, inventory, and theme data. It does not access customer records, orders, or any personally identifiable information.

How we use data

Data is used solely to provide the app’s functionality: generating and serving the AI layer, keeping it in sync with product and inventory changes, and showing sync status in the admin dashboard. We do not sell data or share it with third parties for advertising.

Third-party services

• Shopify — the source of product, inventory, and theme data, accessed via the Admin API under the scopes you authorize.
• OpenRouter — when configured, product information (titles, descriptions, prices) is sent to OpenRouter to generate agentic page prose. No customer personal data is sent.
• Railway — hosting and PostgreSQL database where the data described above is stored.

Data retention and deletion

When you uninstall the app, LumaBeacon automatically deletes the shop’s session, configuration, and generated content. We also honor Shopify’s mandatory compliance webhooks:

• shop/redact — purges all stored data for the shop.
• customers/redact and customers/data_request — acknowledged; because the app stores no customer personal data, there is no customer data to redact or export.

Contact

For privacy questions or data requests, contact the app developer through the listing on the Shopify App Store.