Privacy Policy
This Privacy Policy (the “Policy”) explains how Statistical Inference Limited (“Statistical Inference”, “we”, “us”, or “our”) collects, uses, discloses, transfers, retains, and protects personal data in connection with the Space SEO: Google Booster application (the “App”), the website at https://spaceseo.app (the “Site”), and any related support channels, documentation, APIs, and offerings (together, the “Services”).
Statistical Inference Limited is a company incorporated in Hong Kong (Business Registration No. 77024809) with its registered office at Office Room Number 68, 7F Woon Lee Commercial Building, 7 Austin Ave, Tsim Sha Tsui, Kowloon, Hong Kong. Unless stated otherwise, we are the data controller for personal data processed through the Services, except where we act as a data processor on behalf of a merchant, as described in Section 2.
The App is distributed through the Shopify App Store and integrates with Shopify stores. By installing or using the App, or by visiting the Site, you confirm that you have read and understood this Policy. If you do not agree with it, you should not install or use the Services.
1. Definitions
To make this Policy easier to read, the following terms have the meanings set out below:
| Term | Meaning |
| Personal data | Any information relating to an identified or identifiable natural person, as defined under applicable data-protection law. |
| Merchant | A Shopify store owner or authorised representative who installs or uses the App. |
| End customer | An individual who interacts with a Merchant’s store and whose data may be present within that store. |
| Controller | The party that determines the purposes and means of processing personal data. |
| Processor | A party that processes personal data on behalf of, and under the instructions of, a Controller. |
| Sub-processor | A third party engaged by us to process personal data in connection with the Services. |
| Process / Processing | Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion. |
2. Our role: when we are a controller and when we are a processor
We process two broad categories of data, and our legal role differs for each.
Merchant account data — we act as Controller. This is information about the Merchant and the Merchant’s store that we collect to provide, bill for, secure, and support the Services. We determine how this data is used and are responsible for it as a controller.
Store and end-customer data — we act as Processor. To perform SEO functions, the App reads and may modify data within the Merchant’s Shopify store (for example, product and collection content, online store pages, themes, and limited contributor information). To the extent this data includes personal data of the Merchant’s own customers or contributors, we process it solely on the Merchant’s behalf and under the Merchant’s instructions. The Merchant remains the controller of that data and is responsible for having a lawful basis to provide it to us.
This Policy does not govern the practices of Shopify or any third-party website, platform, or service that the Services may link to or integrate with. Those parties handle data under their own privacy policies.
3. Information we collect
3.1 Information collected through Shopify
When you install the App and grant the requested permissions, Shopify makes the following data available to the App. The specific data depends on the scopes you approve:
| Category | Examples of data | Why it is accessed |
| Store owner details | Name, email address, phone number, physical address | Account setup, billing, support, and service communications |
| Blog contributor details | Email address, IP address, browser and operating system information | To apply and validate SEO metadata associated with blog content |
| Products and collections | Titles, descriptions, handles, metafields, images | To generate and apply meta tags, structured data, and rich snippets |
| Online store | Pages, metaobject definitions and metaobjects, script tags, theme data | To inject SEO markup and configure how the store appears in search and social results |
3.2 Information you provide directly
- Support communications — the contents of messages you send through live chat, the help centre, email, or our Discord community.
- Feedback and reviews — any feedback, survey responses, testimonials, or correspondence you send us.
- Business and contact details — information you choose to provide when communicating with us, such as your name, role, and company.
3.3 Information collected automatically
- Usage and configuration data — features used, settings applied, actions taken within the App, and timestamps.
- Log and diagnostic data — error logs, performance data, and records of API calls between the App and Shopify.
- Device and technical data — IP address, browser type and version, operating system, language, and similar technical identifiers when you use the Site or App.
- Cookies and similar technologies — see Section 11.
3.4 Data we do not seek
The Services are designed for business use. We do not intentionally collect special categories of personal data (such as data revealing health, racial or ethnic origin, political opinions, religious beliefs, or biometric data), and we ask that you do not submit such data to us through the Services.
4. How we use personal data
We use personal data for the following purposes:
- To provide, operate, and maintain the Services, including applying and updating SEO settings within your store.
- To create and administer your account and to authenticate your store connection.
- To process subscriptions, free trials, and recurring charges through Shopify’s billing system.
- To provide customer support and respond to your questions, requests, and complaints.
- To monitor, secure, troubleshoot, and improve the Services, including diagnosing technical issues, preventing abuse, and developing new features.
- To send administrative and service-related communications, such as updates, security alerts, billing notices, and changes to our terms or policies.
- To send marketing or promotional communications where permitted by law and, where required, with your consent. You may opt out at any time.
- To comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.
- To establish, exercise, or defend legal claims, and to detect, prevent, and address fraud or security incidents.
5. Legal bases for processing
Цe rely on one or more of the following legal bases for personal data processing:
| Legal basis | When we rely on it |
| Performance of a contract | To provide the Services you have requested and to administer your subscription and support. |
| Legitimate interests | To operate, secure, analyse, and improve the Services, prevent fraud, and communicate about the Services — where these interests are not overridden by your rights and freedoms. |
| Legal obligation | To comply with applicable laws, regulations, and lawful requests. |
| Consent | Where required, for example for certain cookies or electronic marketing. You may withdraw consent at any time without affecting prior processing. |
6. How we share personal data
We do not sell personal data. We disclose personal data only in the circumstances described below.
6.1 Sub-processors and service providers. We engage trusted third parties to perform functions on our behalf, such as cloud hosting and storage, analytics, error and performance monitoring, customer-support tooling, and communications. These providers may process personal data only on our documented instructions, are bound by confidentiality and data-protection obligations, and are not permitted to use the data for their own purposes.
The categories of sub-processor we use include:
| Category | Purpose |
| Cloud hosting and infrastructure | Hosting the App and storing data securely |
| Analytics and monitoring | Understanding usage, measuring performance, and detecting errors |
| Customer support and communications | Operating live chat, help desk, and email/Discord support |
6.2 Shopify. As the platform through which the App is distributed, installed, and billed, Shopify processes related data under its own terms and privacy policy.
6.3 Legal, compliance, and safety. We may disclose personal data where required by law, regulation, court order, or governmental request, or where we believe in good faith that disclosure is necessary to comply with legal process, enforce our agreements, protect our rights, property, or safety, or that of our users or the public, or to detect and prevent fraud or security issues.
6.4 Business transfers. If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of all or part of our assets, personal data may be transferred as part of that transaction, subject to this Policy continuing to protect it.
7. International data transfers
We are based in Hong Kong, and our service providers may operate in other countries. As a result, your personal data may be transferred to, stored in, or processed in jurisdictions outside your country of residence, including jurisdictions whose data-protection laws may differ from those in your own.
8. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including providing the Services, complying with legal obligations, resolving disputes, and enforcing our agreements.
- Account and store data: retained while your account is active. After you uninstall the App or close your account, we delete or anonymise this data within a reasonable period, typically not exceeding the period required by Shopify’s requirements and applicable law.
- Support communications: retained for as long as needed to handle your request and for a reasonable period afterwards for record-keeping.
- Logs and diagnostic data: retained for a limited period for security, troubleshooting, and analytics, then deleted or aggregated.
- Legal and financial records: retained for the periods required by applicable accounting, tax, and legal obligations.
Where we act as a processor for a Merchant, we delete or return store data in accordance with the Merchant’s instructions on termination, subject to applicable law.
9. Security
We maintain technical and organisational measures designed to protect personal data against unauthorised or unlawful access, use, disclosure, alteration, loss, or destruction. These measures include encryption of data in transit, access controls and the principle of least privilege, network and application security practices, logging and monitoring, and periodic review of our safeguards.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your Shopify and account credentials confidential and for promptly notifying us of any suspected unauthorised use.
10. Data breach notification
In the event of a personal data breach that is likely to result in a risk to affected individuals, we will take reasonable steps to investigate, contain, and remediate the incident. Where we are required to do so by applicable law, we will notify the relevant supervisory authority and affected individuals without undue delay. Where we act as a processor, we will notify the affected Merchant without undue delay after becoming aware of a breach affecting their data.
11. Cookies and similar technologies
The Site and App may use cookies and similar technologies to operate the Services, keep you signed in, remember your preferences, maintain sessions, and analyse usage and performance. These may include:
- Strictly necessary — required for core functionality and security.
- Functional — to remember settings and preferences.
- Analytics — to understand how the Services are used and to improve them.
You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required by law, we will request your consent before placing non-essential cookies.
12. Your privacy rights
Depending on where you live, you may have some or all of the following rights in relation to your personal data:
- Access — to obtain confirmation of whether we process your data and a copy of it.
- Correction — to have inaccurate or incomplete data corrected.
- Deletion — to have your data erased in certain circumstances.
- Restriction and objection — to restrict or object to certain processing, including direct marketing.
- Portability — to receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent — where processing is based on consent, without affecting prior processing.
12.1 Hong Kong (PDPO)
Under the Personal Data (Privacy) Ordinance (Cap. 486), you have the right to request access to and correction of the personal data we hold about you. Complaints may be made to the Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD).
12.2 European Economic Area and United Kingdom (GDPR)
If you are in the EEA or UK, you may exercise the rights listed above and have the right to lodge a complaint with your local supervisory authority. We will respond to verified requests within the timeframes required by law.
12.3 California (CCPA / CPRA)
California residents have the right to know what personal information we collect and how we use and disclose it, to request access, correction, or deletion, and to opt out of any “sale” or “sharing” of personal information. We do not sell personal information and do not share it for cross-context behavioural advertising. We will not discriminate against you for exercising your rights.
12.4 How to exercise your rights
To exercise any of these rights, contact us using the details in Section 14. We may need to verify your identity before responding. If your data is processed by us on behalf of a Merchant (as a processor), we may refer your request to that Merchant and assist them in responding.
13. Children’s privacy
The Services are intended for businesses and are not directed to individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so that we can delete it.
14. How to contact us
If you have questions, concerns, or requests regarding this Policy or our handling of personal data, please contact us:
Statistical Inference Limited
Office Room Number 68, 7F Woon Lee Commercial Building
7 Austin Ave, Tsim Sha Tsui, Kowloon, Hong Kong
15. Changes to this Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Your continued use of the Services after the changes take effect constitutes acceptance of the updated Policy.