Learn how Amethyst Applications collects, uses, and protects your store, platform, and partner data. Last Updated: May 22, 2026Documentation Index
Fetch the complete documentation index at: https://amethystapps.com/llms.txt
Use this file to discover all available pages before exploring further.
Operated by: Amethyst Applications
Privacy Snapshot: We collect only the metadata, tracking, and product data required to make our apps and platforms work. We never sell your data. Sensitive keys and authorization tokens are encrypted via AES-256. All e-commerce app data is purged within 48 hours of uninstallation.
1. Introduction
At Amethyst Applications, we build high-performance, AI-powered tools, affiliate infrastructure, and automation platforms for modern digital businesses, including BigCommerce and Shopify merchants. This Privacy Policy explains how we collect, use, and protect information when you install our apps or utilize our platforms (including Amethyst Grid). We operate on a “Security by Design” principle: sensitive credentials (like API keys) are encrypted immediately and are never stored or accessible in plain text. By installing our apps or using our services, you agree to the practices described in this policy.2. Information We Collect
Depending on which service or app you interact with, we collect the following categories of data:A. E-Commerce Store Platform Data
When you install an Amethyst App on a merchant store, we access specific information from your BigCommerce or Shopify account via the official APIs to provide our services:- Store Metadata: Store name, email, domain, locale, and platform plan details.
- Product & Media Data: Titles, descriptions, tags, categories/collections, and video/image metadata required for targeting, SEO, and automation.
- Sensitive Credentials: For apps requiring third-party integrations (OpenAI, Google, Cloud Storage), we collect the necessary API keys or OAuth tokens. These are subject to our strict Encryption Standard (see Section 5).
- What We Do NOT Collect: We do not collect customer storefront credit card data or customer storefront browsing profiles.
B. Affiliate Platform Data (Amethyst Grid & Services)
For users, software companies, and partners utilizing our standalone platforms, we collect:- Account Data: Name, email address, and password (stored exclusively as a secure, one-way cryptographic hash).
- Google Profile Data (Optional Sign-In): Name, email address, profile picture, and Google profile ID if authenticated via Google OAuth.
- Partner & Tracking Data: Company name, contact email, payment email, Stripe account details, merchant store name, store URL, shop domain, referral slugs, and timestamps.
- Traffic Attribution Metrics: IP addresses are collected strictly at the point of a referral click. These are utilized explicitly for fraud prevention and click attribution (verifying unique hits and authentic referral traffic) and are never used for cross-site tracking or profiling.
- Financial & Billing Metrics: Payout amounts, payout dates, Stripe customer IDs, subscription status, and transaction references.
3. How We Use Your Information
We use the collected information solely to:- Provide the core operational functionality and features of the installed app or affiliate platform.
- Attribute referrals correctly to platform partners and compute commissions accurately.
- Generate AI-powered content improvements and SEO metadata.
- Display storefront commerce elements via Shopify Metafields/Theme Extensions or BigCommerce Scripts/Metafields.
- Identify and mitigate fraudulent activity (such as click injection or false referrals).
- Provide technical engineering support and handle necessary system notifications.
- Maintain an activity log for merchant auditing and transparency.
4. App & Platform Specific Policies
The features below are active only if the respective application or platform is explicitly used or installed.Agent Ready
- AI Processing: Product data is sent to OpenAI’s GPT-4o API. In accordance with OpenAI’s enterprise policies, data sent via the API is not used to train their global models.
- BYOK Security: Your OpenAI API key is encrypted at rest using AES-256 standards.
Amethyst Grid
- Platform Operations: Operates as an affiliate marketing platform enabling software companies to manage partner programs, and for affiliates to track referrals and commissions.
- Financial Handling: Integrates with Stripe to handle platform subscriptions and distribute partner payouts securely.
IndexPulse
- Google OAuth: Access tokens for Google Search Console are stored encrypted and used solely for URL indexing and status checks.
- AI Content: Product details are sent to OpenAI to generate FAQ schema which is written directly back to your store’s Metafields.
IndexStream
- Google Authentication: Utilizes secure backend service account keys (
GOOGLE_SERVICE_ACCOUNT_KEY) to directly interact with Google APIs on behalf of the application environment. - Data Flow: Facilitates indexing automation safely managed through isolated environment engines without local file exposure.
Noticeable
- Data Collection: We store notice rules (text, styles, schedules) and shop-level configurations.
- Shopper Privacy: Dismiss states are stored in browser localStorage on the shopper’s device. This data never leaves their browser and is never transmitted to our servers.
OpticMatch
- AI Visual Matching: Product images are processed via Replicate (CLIP) and product metadata via OpenAI to generate visual recommendations. No shopper PII is collected.
- Interaction Data: We record anonymous widget impressions, clicks, and “add-to-cart” actions to provide performance analytics to the merchant.
- Data Privacy: We do not collect names, email addresses, or payment information from storefront visitors.
Search Pulse
- Data Access: We access product, category, and blog content to build a searchable index.
- Performance Logic: Search configurations are processed via Gadget. We do not track individual user IP addresses or personally identifiable search history.
Shipping Profile Automator
- Logic Execution: We process weights, prices, and tags to execute your custom shipping and UI rules.
- Performance: All toggle states and notice text are written to platform-native Metafields for high-speed storefront rendering.
Store Sentry
- Monitoring Logic: We access product, collection, theme, and inventory data to create a detailed audit trail of changes.
- Audit Logs: We store “before and after” snapshots (JSON diffs) of changed resources to allow for audit transparency and auto-reverts.
- Alerts: Merchant-configured alert rules (Slack/Email) and watch policies are stored in our secure database.
Toggleboard: Seller Connect
- Toggle Settings: We store which features you have enabled (e.g., Anti-Copy Shield, Free Shipping Bars) and their configurations.
- Referrer Data: When the Referrer Tracker is active, we record the traffic source (e.g., Google, Instagram) via
document.referrer. No cookies or fingerprinting are used. - Execution: Most features run entirely in the shopper’s browser. No shopper personal data is ever collected or transmitted to our servers.
VaultStream
- Credential Protection: All storage provider credentials (S3 Keys, SFTP passwords, etc.) are stored encrypted.
- Data Sovereignty: VaultStream never stores your actual backup files; data moves directly from your ecommerce platform to your private storage provider.
Video SEO Alt Tags
- AI Analysis: Video thumbnails are sent to OpenAI’s GPT-4o API to generate descriptive alt text.
- BYOK Security: API keys used for optimization are protected by AES-256 encryption at rest.
5. Data Security & Encryption Standard
We protect your store and platform data using industry-leading architecture:- Encryption at Rest: All sensitive credentials (API keys, OAuth tokens, private server credentials) are stored using Encrypted String fields. We utilize AES-256 encryption, ensuring that credentials remain unreadable even to database administrators.
- Encryption in Transit: All data exchanged between your client networks, e-commerce stores, and our servers is protected via HTTPS/TLS 1.2+.
- Infrastructure: Our apps and platform databases are hosted securely on Gadget.dev (built on Google Cloud infrastructure), providing enterprise-grade physical and network security standards.
6. Cookies & Third-Party Processors
A. Core Cookies
- Session Tracking: We use a single session cookie strictly to keep platform administrators and affiliate users logged into their account dashboard. This cookie is completely essential for core platform features to function, does not track you across other websites, and contains no marketing or analytics tracking attributes.
B. Sub-Processors & Infrastructure API Integrations
We utilize the following enterprise third-party platforms to provide our underlying infrastructure:- Stripe: Used for secure processing of subscription billing and distributing outbound partner payouts. Amethyst Applications never views or stores raw credit card details. Stripe Privacy Policy.
- Google OAuth: Used to provide rapid, passwordless login verification for platform accounts. Google Privacy Policy.
- Resend & Loops: Used to dispatch automated transactional emails (such as email verifications, password resets, account notifications) and vital developer/support communications.
7. Data Retention & Deletion
- App Uninstallation Data Purge: In compliance with platform data protection requirements, all store-specific data—including configurations, notice rules, encrypted API keys, and audit logs—is permanently and automatically purged from our systems within 48 hours of app uninstallation.
- Platform Account Closure: Your platform user/partner data is retained as long as your account profile is active. If you close your account or request direct deletion via your profile dashboard settings, personal records are instantly removed except where retention is legally mandated (such as maintaining historical financial transaction/tax records).
8. Your Rights (GDPR & CCPA)
- No Sale of Data: Amethyst Applications does not sell, rent, or lease merchant, store, shopper, or partner data to any third-party entities.
- Right to Access & Portability: You can access, review, or download a full structured copy of the personal data we maintain for your platform profile at any time directly through your dashboard settings.
- Right to Rectification: You can update or correct account details at any time within your configuration view.