🔒 Privacy Policy

Shop Audit & AI Optimize — Effective Date: January 1, 2025

1. Who We Are

Shop Audit & AI Optimize ("the App", "we", "our", or "us") is a Shopify application that scans your Shopify store for product issues including missing images, missing descriptions, variants without SKUs, out-of-stock products, duplicate handles, and bad SEO metadata.

2. Information We Collect

We collect and store the minimum data necessary to operate the app:

Shop Domain: Your Shopify store's domain (e.g., yourstore.myshopify.com) to identify your account.
Access Token: An OAuth access token issued by Shopify, used to make API calls to your store on your behalf.
Subscription Data: Your billing plan and subscription status, managed through Shopify's billing API.

We do NOT collect or store:

Customer personal data (names, emails, addresses, etc.)
Order data
Scan results (computed on demand, returned to you, never persisted)
Payment card information (handled entirely by Shopify)

3. How We Use Your Information

We use your shop domain and access token solely to:

Authenticate API calls to Shopify on your behalf
Fetch product data for analysis using Shopify's GraphQL Bulk Operation API
Manage your billing subscription via Shopify's billing system

4. Data Storage and Security

All data is stored securely in an encrypted database. Access tokens are stored using industry-standard security practices. We use HTTPS for all data transmission. Shopify's OAuth access tokens can be revoked at any time by uninstalling the app.

5. Data Sharing

We do not sell, trade, or share your data with any third parties. The only external service we communicate with is Shopify's API on your behalf.

6. GDPR Rights

If you are located in the European Economic Area (EEA), you have the following rights:

Right to Access: Request a copy of the data we hold about your shop.
Right to Erasure: Request deletion of all data associated with your shop by uninstalling the app. We implement Shopify's mandatory shop/redact webhook to automatically delete all your data 48 hours after uninstallation.
Right to Portability: Request an export of your data.

To exercise these rights, contact us at privacy@brokenstoredetector.com.

7. GDPR Webhooks

We implement all three mandatory Shopify GDPR webhooks:

customers/data_request: We confirm we hold no customer personal data.
customers/redact: We confirm no customer data needs to be redacted.
shop/redact: We delete all shop data (access token, subscription) within 48 hours of app uninstallation.

8. Data Retention

We retain your shop data for as long as the app is installed. Upon uninstallation, we deactivate your session immediately. Your data is fully deleted after the 48-hour shop/redact grace period as required by Shopify's GDPR requirements.

9. Cookies

We use session cookies solely to maintain your authenticated session within the Shopify Admin embedded app. We do not use tracking or marketing cookies.

10. Children's Privacy

Our app is intended for Shopify merchants and is not directed at children under 13. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app interface. Continued use of the app after changes constitutes acceptance.

12. Contact Us

For privacy inquiries, GDPR requests, or any questions about this policy, contact us at:

Email: privacy@brokenstoredetector.com