VID.QUEL AI Video Ads

Privacy Policy

Effective date: 2026-05-11

Overview

VID.QUEL AI Video Ads ("the App", "we", "our") is operated by Paprika Inc.. This Privacy Policy explains what information we collect when a Shopify merchant installs the App, how we use it, and the rights merchants have over their data.

We do not collect, store, or process any data about a merchant's individual end-customers. The App reads only product-level data the merchant explicitly authorizes (product title, description, image, handle, price) to generate short-form ad videos on the merchant's behalf.

Information we collect

Shop-level data: shop domain, shop name, shop owner email, shop primary country and currency, plan tier, and the OAuth access token issued by Shopify when the merchant installs the App.

Product data: product title, description, featured image URL, handle, and price for the products the merchant selects when creating an ad video. This data is used solely to generate the requested ad video.

Usage data: identifiers of generated ad videos, generation timestamps, credit ledger entries (purchases, consumption, refunds), and Shopify Billing charge records.

Technical data: standard server logs (IP address, user-agent, request path, timestamp) retained for security monitoring and abuse prevention.

How we use information

To operate the App's core function: generating short-form ad videos from the products the merchant selects.

To process payments through Shopify Billing API and to maintain an accurate credit balance per shop.

To respond to support requests and to comply with legal obligations.

To monitor the security and integrity of the App.

We do not sell, rent, or share merchant data with third parties for advertising or marketing purposes.

Data processors and sub-processors

Shopify Inc. — provides authentication, billing, and the merchant data we read from the merchant's store.

Cloudflare, Inc. — hosts the App's web infrastructure (Workers, D1 database, R2 storage).

Our AI rendering service — performs the video generation requested by the merchant. Only the product data the merchant chooses to include in a generation is forwarded to this service. The service does not retain merchant data after a generation completes.

Each sub-processor is bound by contractual data-processing terms equivalent to or stricter than this policy.

Data retention

Shop-level data is retained while the App is installed and for up to 30 days after uninstall, after which it is deleted in accordance with Shopify's mandatory shop/redact webhook (received 48 hours after uninstall).

Generated videos and associated metadata are retained for 12 months from creation, unless the merchant requests earlier deletion.

Credit ledger entries and billing event records are retained for 7 years to comply with financial recordkeeping obligations.

Server logs are retained for 90 days.

Mandatory Shopify compliance webhooks

We process Shopify's mandatory privacy compliance webhooks promptly (within 30 days of receipt):

customers/data_request — the App stores no end-customer data, so this request is acknowledged with a record that no exportable data exists.

customers/redact — same as above; no data to redact.

shop/redact — all shop-level data and dependent records are permanently deleted from our database upon receipt.

Merchant rights

Access — request a copy of the data we hold about your shop.

Correction — request correction of inaccurate data.

Deletion — request deletion of your shop's data. Uninstalling the App from your Shopify admin triggers Shopify's shop/redact webhook automatically; you may also email us to expedite.

Portability — request export in a machine-readable format.

Objection — object to specific processing activities.

To exercise any of these rights, contact privacy@vid.quelsuite.com.

Security

OAuth access tokens are encrypted at rest using AES-GCM with keys held outside the database.

All data in transit is encrypted with TLS 1.2 or higher.

Access to production systems is restricted to authorized personnel with multi-factor authentication.

We follow industry-standard practices for vulnerability management and incident response.

International transfers

Our infrastructure is hosted on Cloudflare's global network. Data may be processed in Cloudflare data centers worldwide. Where applicable, we rely on Standard Contractual Clauses or equivalent legal mechanisms for international transfers.

Children's data

The App is intended for use by Shopify merchants operating commercial stores. It is not directed to children under 13, and we do not knowingly collect data from children.

Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top of the policy will be updated, and material changes will be notified to merchants in the App.

Contact

Privacy questions: privacy@vid.quelsuite.com

Support: support@vid.quelsuite.com

Operator: Paprika Inc., Paprika Inc., Seoul, Republic of Korea