This Privacy Policy applies to the website www.feedoptimizer.ai and the web application app.feedoptimizer.ai (collectively referred to as "FeedOptimizer.AI" or "the Service").
FeedOptimizer.AI is an AI-powered SaaS service for optimizing Google Shopping product feeds. The Service connects to your Google Merchant Center via OAuth 2.0, optimizes your product data using artificial intelligence, and uploads the optimized data as a supplemental feed.
3. Collection and Processing of Personal Data
We only collect personal data to the extent necessary to provide our website and services. Processing is based on the legal grounds described below.
3.1 When Visiting the Website
Each time you access our website, the following data is automatically collected (server log files):
IP address (anonymized)
Date and time of the request
Page accessed / URL
Browser type and version
Operating system
Referrer URL
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing and securing the website).
3.2 Account Registration
Registration for FeedOptimizer.AI is done via Google OAuth 2.0 (Single Sign-On). We receive the following data from Google:
Email address
Name
Profile picture URL
Google user ID
This data is processed and stored via Supabase Auth to create and manage your user account.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
3.3 Google Merchant Center Data
After your explicit authorization, FeedOptimizer.AI accesses your Google Merchant Center via the Google Content API for Shopping. The following data is processed:
Product data: titles, descriptions, prices, images, product IDs, availability, categories, and other product attributes
Merchant Center account information: account ID, sub-account IDs
This data is used exclusively to provide the feed optimization service — that is, to improve your product titles and descriptions using AI and to upload the optimized data as a supplemental feed to your Merchant Center. Your original feeds are never modified.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
3.4 Payment Data
Payment processing is handled by our payment service provider Stripe, Inc. We do not store credit card numbers or complete payment details ourselves. Stripe receives and processes:
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
3.5 Usage Data within the Application
During your use of FeedOptimizer.AI, we collect:
Optimization history (which products were optimized)
Subscription usage data and plan information
Connected Merchant Center accounts
User preferences and settings
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
4. Google API Services – Use of Google Data
Google API Services User Data Policy Compliance
FeedOptimizer.AI's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4.1 What Google Data We Access
FeedOptimizer.AI accesses the following Google user data:
Google User Info (email, name, profile picture): For creating and identifying your user account
Google Merchant Center (product data, account information): For reading your product data, performing AI-powered optimization, and uploading supplemental feeds
Google Analytics (website usage data): For analyzing website usage (only with your consent)
4.2 How We Use Google Data
User Info: Solely for account creation, login, and displaying your identity within the application
Merchant Center Data: Solely for reading product data, performing AI optimization, and uploading optimized data as a supplemental feed
We do not use Google user data for advertising, market research, or any purpose unrelated to the core service
4.3 Limited Use Disclosure
In accordance with the Google API Services User Data Policy Limited Use requirements:
We only use Google user data to provide and improve user-facing features of FeedOptimizer.AI
We do not transfer Google user data to third parties except as necessary to provide the service (e.g., sending product data to Google Gemini for optimization), for security purposes, or as required by law
We do not use Google user data for serving advertisements
We do not allow humans to read Google user data unless: (a) the user has given affirmative consent, (b) it is necessary for security investigation, (c) it is required by law, or (d) the data is aggregated and anonymized for internal operations
4.4 Storage and Deletion of Google Data
Google user data is stored in our Supabase database (PostgreSQL) with encryption in transit and at rest
Product data from Merchant Center is stored only as long as needed for optimization and is refreshed on each new import
Users can request deletion of all their Google user data at any time
Upon account deletion, all associated Google user data is permanently removed
We use cookies to make our website functional and to improve your experience. When you first visit the website, a cookie banner is displayed that allows you to manage your consent.
Cookie Overview
Necessary cookies: Required for basic website functionality (e.g., language settings, session management). These cookies cannot be disabled.
cookie_consent: Stores your cookie preferences. Duration: 1 year.
Analytics cookies (Google Analytics): Collect anonymized usage data to improve the website. Only set with your consent.
Marketing cookies: Enable personalized advertising and conversion tracking. Only set with your consent.
You can change your cookie settings at any time via the "Cookie Settings" link in the website footer.
Legal basis: Art. 6(1)(a) GDPR (consent) for analytics and marketing cookies; Art. 6(1)(f) GDPR (legitimate interest) for necessary cookies.
6. Google Analytics
We use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to analyze usage behavior on our website.
Data processing by Google Analytics only occurs after your explicit consent via the cookie banner
We use Google Consent Mode v2 — without your consent, no personal data is transmitted to Google
IP anonymization is enabled, so your IP address is truncated by Google within the EU/EEA
To provide our service, we use the following third-party providers:
Service
Provider
Purpose
Data Processed
Location
Google Gemini
Google LLC
AI optimization of product titles and descriptions
Product data (titles, descriptions, attributes)
USA / EU
Stripe
Stripe, Inc.
Payment processing
Email, name, payment data
USA
Supabase
Supabase, Inc.
Database, authentication, storage
All user data, product data
USA (AWS)
Google Analytics 4
Google Ireland Ltd.
Website analytics
Anonymized usage data (with consent only)
EU / USA
Vercel
Vercel, Inc.
Website hosting
Server logs, IP addresses
USA
Lovable
Lovable
App hosting and operation
App usage data
USA / EU
All third-party providers are contractually obligated to process your data only according to our instructions and in compliance with applicable data protection regulations.
8. International Data Transfers
Kunden Kraftwerk LLC is based in the USA. Your personal data is processed and stored in the USA. For users in the EU/EEA, this constitutes a transfer of data to a third country.
We ensure the protection of your data through the following measures:
EU-US Data Privacy Framework: Several of our service providers (Google, Stripe, Vercel) are certified under the EU-US Data Privacy Framework, which ensures an adequate level of data protection
Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, we use the European Commission-approved Standard Contractual Clauses as the basis for data transfers
Technical safeguards: Encryption in transit (TLS), encryption at rest, access controls, and regular security reviews
9. Data Retention and Deletion
We retain your personal data only as long as necessary for the respective purposes or as required by legal retention obligations:
Account data: For the duration of account usage. After account deletion, all data is permanently deleted within 30 days.
Product data from Merchant Center: Stored only during active use. Refreshed on each new import and removed upon account deletion.
Payment records: Retained in accordance with tax law requirements (typically 7–10 years for business records).
Server logs: Maximum 30 days.
Cookie consent data: 1 year (365 days).
Google Analytics data: According to Google Analytics retention settings.
10. Data Security
We implement comprehensive technical and organizational measures to protect your data:
Encryption in transit: All data transfers use TLS/HTTPS
Encryption at rest: Data is stored encrypted in the Supabase database (AWS infrastructure)
OAuth 2.0: For accessing Google services — no Google passwords are stored with us
Access controls: Authentication and authorization via Supabase Auth with Row Level Security
Regular security reviews: Our infrastructure and processes are regularly reviewed
11. Your Rights under the GDPR
If you are a resident of the EU/EEA, you have the following rights regarding your personal data:
Right of access (Art. 15 GDPR): You can request information about the data we process about you
Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data
Right to erasure (Art. 17 GDPR): You can request deletion of your data ("right to be forgotten")
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR): You can receive your data in a structured, machine-readable format
Right to object (Art. 21 GDPR): You can object to the processing of your data
Right to withdraw consent (Art. 7(3) GDPR): You can withdraw any given consent at any time
Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority
To exercise your rights, please contact support@feedoptimizer.ai. We will process your request within 30 days.
12. Your Rights under US Privacy Laws
If you are a resident of the United States, particularly in California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), or other states with privacy legislation, you have the following additional rights:
Right to know: You can learn what personal information we collect, use, and share about you
Right to delete: You can request deletion of your personal information
Right to opt-out of sale: We do not sell personal information and have never done so
Right to non-discrimination: We do not discriminate against you for exercising your privacy rights
FeedOptimizer.AI is a business service (B2B) and is not directed at children under 16 (GDPR) or 13 (COPPA). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will promptly delete it. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at support@feedoptimizer.ai.
14. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy as needed to reflect changes in our services or legal requirements. For material changes, we will notify you via email. Continued use of the Service after a change constitutes acceptance of the updated Privacy Policy.
The date of the last update can be found at the beginning of this document.
15. Contact
For questions about data protection or to exercise your rights, please contact:
