Who we are
Nexis CRO provides Nexis CRO: AI SEO & AEO Audit, a Shopify embedded app that audits stores for AI search readiness, surfaces issues, and offers optional AI-powered fixes and visibility tools. Our marketing site is nexiscro.com; the app is hosted at app.nexiscro.com.
For general privacy inquiries, contact us using the details in the Contact section below.
Information we collect
We may collect:
- Website and marketing. Technical data (IP address, browser type, pages viewed), cookies or similar technologies where permitted, and information you submit through contact forms (name, email, message).
- Shopify apps. Data required to operate the app for your store — only to the extent necessary and as permitted by Shopify APIs and the scopes you approve at install. This can include products, collections, pages, policies, theme and storefront signals, images, and shop configuration.
- Support. Content you send when you contact us, including email threads and attachments you choose to provide.
- Billing. Subscription and usage metadata processed through Shopify managed billing or App Pricing; we do not store full payment card numbers.
How we use information
We use information to:
- Provide, maintain, and improve our websites and apps
- Run audits, rank checks, reports, and features you request
- Authenticate users, prevent abuse, and protect security
- Respond to support requests and communicate service changes
- Comply with law and enforce our terms
We do not sell your personal information and we do not rent or share customer data accessed through our apps with third parties for their own marketing.
Shopify apps & customer data
For data our app accesses through Shopify to serve your store, we use it only to deliver app functionality. We follow Shopify’s requirements for protected customer data and implement mandatory GDPR webhooks (customer data request, customer redact, shop redact).
We apply the following practices:
- Minimal access — we request only the scopes needed for stated features.
- Shopify’s guidelines — we follow Shopify’s rules for managing protected customer data.
- Security in transit — API interactions use encryption (HTTPS/TLS).
- No standalone customer database — we do not build a separate marketing database of your end-customers from Shopify data.
If you uninstall Nexis CRO, API permissions are revoked. We process uninstall and redaction webhooks and do not retain Shopify customer data for ongoing use beyond what is required for legal, security, or billing records.
AI features & subprocessors
When you use optional AI features (rewrites, rank tracker, query lab, alt text, buying guides, FAQ generation, etc.), relevant store content may be sent to our AI provider layer for processing.
- OpenAI — processes AI requests using models such as GPT-4o-mini (configured on the app host).
Only enable AI features if you are comfortable with this processing. Merchants remain responsible for ensuring they have appropriate rights to submit content for AI processing.
For more detail on in-app data use, see Data & AI privacy inside the embedded app (requires install).
Legal compliance
We design our services to comply with applicable data protection laws, including, where relevant, the GDPR and the CCPA (and similar U.S. state laws). As part of Shopify’s ecosystem, we help merchants meet technical requirements; merchants remain responsible for their storefronts and customer relationships.
Retention
Shopify app data is retained only as long as needed to provide the service, comply with law, resolve disputes, or enforce agreements. Audit results, settings, and usage logs may persist while your shop remains installed; uninstall and GDPR webhooks trigger deletion or anonymization where applicable.
Website, support, and security log data may be retained for shorter operational periods unless a longer period is required by law.
Your rights
As a Shopify merchant, you control much of your store data in Shopify Admin. Depending on where you live, you may have rights to access, correct, delete, or export personal data about you, or to object to or restrict certain processing.
To exercise rights with respect to data Nexis CRO processes, contact support@nexiscro.com. You may lodge a complaint with your local supervisory authority.
Children
Our services are directed to businesses and are not intended for children under 16. We do not knowingly collect personal information from children.
Changes
We may update this Privacy Policy to reflect changes in our apps, websites, or legal requirements. We will post the revised version at https://nexiscro.com/privacy and update the “Last updated” date. Material changes may require additional notice where required by law.
Contact
For questions about our privacy practices or how customer data is used:
- Email: support@nexiscro.com
- Website: https://nexiscro.com
- Contact form: https://nexiscro.com/#contact