Privacy

What we hold, and what we don't.

Plain language. The short version: we hold what we need to run the studio for your shop, and nothing else.

Last updated May 14, 2026

Who we are

TryOn is operated by Throk, Inc. Contact us at team@throk.ai for any privacy question — we read every email.

What we collect from your Shopify store

  • Shop domain (e.g. your-shop.myshopify.com) and the per-shop access token Shopify issues us during install. Used to read your catalog and push generated images.
  • Product metadata — title, handle, variants, images — fetched on demand. We do not store your full catalog; we cache the response for ~10 minutes.
  • Images we generate for you, plus the prompt and brand-kit settings you used to generate them.
  • Usage events — credit consumption, plan changes, push history — to power your billing dashboard.

What we do NOT collect

  • Shopper PII. TryOn is a merchant tool. We never touch your customers' names, emails, addresses, or order data.
  • Payment information. Billing happens through Shopify's Billing API — we never see your card.
  • Theme files. We do not edit your storefront theme, even though we have read_files / write_files scope (used only for product images).

Where it lives

Postgres in EU-West (Zeabur). Generated images are hosted on apimart.ai's CDN (signed URLs that expire 24h after generation; we re-fetch on demand). Webhook payloads from Shopify land at our HTTPS endpoints, are HMAC-verified against your shop's secret, then processed in-memory.

Sub-processors

  • Apimart (apimart.ai) — image generation provider. We send the product image URL + a text prompt; they return a generated image.
  • Shopify (shopify.com) — for the Admin API, webhooks, and Billing API.
  • Vercel (vercel.com) — application hosting + CDN.
  • Zeabur (zeabur.com) — managed Postgres.

GDPR compliance webhooks

We honour the three Shopify-mandatory privacy webhooks. Each is HMAC-verified against your API secret and processed within the 30-day SLA Shopify requires:

  • customers/data_request — we hold no shopper PII, so the response is informational. Logged to our compliance audit trail.
  • customers/redact — same as above; nothing to redact shopper-side. Logged.
  • shop/redact — fires 48 hours after you uninstall. We cascade-delete every record tied to your shop within 30 days. A final compliance log row survives the delete so we can prove the action ran.

Your rights

You can export every row we hold for your shop, request changes, or ask for permanent deletion at any time. Email team@throk.ai from a verified Shopify owner email and we will respond within 14 days. Uninstalling the app from Shopify Admin also triggers the automatic cascade-delete via the shop/redact webhook.

Changes to this policy

We'll update the "Last updated" date at the top of this page when we change anything material. We'll also email the shop owner contact on file when changes affect data we hold.

Effective May 14, 2026