Cargo logo Cargo

Cargo — Privacy Policy

Last updated: 2026-06-09

Cargo ("the app", "we") helps Shopify merchants import, bulk-edit, and export their product data. This policy explains what data the app accesses, why, and how it is handled.

What we access

When you install Cargo, you grant it access (via Shopify's permission scopes) to:

  • Products, variants, and inventory — to read, create, edit, and export the product data you ask the app to work with.
  • Basic store information provided by Shopify during installation (store domain and the access token Shopify issues to the app).

Cargo does not request or access customer personal data, orders, or payment information.

What we store

  • Your session (store domain + the Shopify-issued access token) — required to call Shopify on your behalf. Deleted when you uninstall the app.
  • Saved mapping templates — the column-mapping choices you explicitly save, stored per store. These contain only spreadsheet column names and Shopify field names — no product or customer content.

We do not store your product catalogue. Product data is read from and written to Shopify in real time during an import, edit, or export, and is not retained on our servers afterward.

AI features (optional)

When you enable an AI option ("Use AI to map columns" or "Write missing descriptions & SEO"), Cargo sends the relevant data to Anthropic (provider of the Claude AI model) to perform that task:

  • AI column mapping sends your spreadsheet column headers (and the list of Shopify field names) — not your row data.
  • AI content generation sends the product attributes you provide (title, vendor, type, tags) to generate a description and SEO text.

This data is processed transiently to return the result and is not used to train models. If you never enable an AI option, no data is sent to Anthropic.

Data deletion

  • Uninstall removes your session immediately.
  • We honour Shopify's mandatory data-deletion webhooks: on a store-redact request we delete your session and saved mapping templates. As we store no customer data, customer data-request and redact requests have nothing to return or erase.
  • You can also email us to request deletion of any data we hold.

Data sharing

We do not sell or share your data. Data is shared only with the sub-processors required to run the app: Shopify (the platform), Anthropic (only when you use an AI feature), and our hosting provider.

Security

Access tokens are stored server-side and used only to call Shopify on your behalf. We use HTTPS for all data in transit.

Contact

Questions or deletion requests: [email protected]

← Back to Cargo