Privacy Policy

Last updated: March 23, 2026

1. Who we are

StoreSentinel (storesentinel.app) is a Shopify app. We act as the data controller for the information described in this policy. For any privacy questions, contact us at support@storesentinel.app.

2. What data we collect

When you install StoreSentinel, we access and store the following data from your Shopify store:

• Store domain — your myshopify.com URL
• Store owner email — from the Shopify Shop API, used for alert notifications
• Aggregated order metrics — chargeback rate (%), refund rate (%), average fulfillment speed (hours), cancellation rate (%)
• Product data — titles, descriptions, and tags for policy compliance scanning

We do NOT collect: individual customer names, email addresses, physical addresses, payment details, order line items, or any other customer personal data. We process only aggregated metrics.

3. Legal basis for processing (GDPR Article 6)

We process your data on the following legal bases under the General Data Protection Regulation (GDPR):

• Legitimate interest (Article 6(1)(f)) — providing the store health monitoring service you requested by installing the app
• Contract (Article 6(1)(b)) — fulfilling the terms of your app subscription

4. How we use your data

• Calculating your store health score (0–100) from the 5 monitored signals
• Sending alert emails and Slack notifications when thresholds are crossed
• Running policy compliance scans against Shopify's Acceptable Use Policy
• Generating AI-powered score explanations and appeal emails (Pro plan)
• Improving the accuracy and reliability of the service

We do not sell, rent, or share your data with third parties for marketing purposes. Ever.

5. Data retention

• Score history is retained for 90 days
• When you uninstall the app, your access token and contact information are cleared immediately
• All remaining store data (scores, alerts, scans) is permanently deleted within 24 hours via Shopify's shop/redact webhook
• You can request immediate deletion at any time by contacting support@storesentinel.app

6. Your rights under GDPR

If you are in the European Economic Area, you have the following rights:

• Right of access — request a copy of the data we hold about your store
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data (or simply uninstall the app)
• Right to data portability — receive your data in a machine-readable format
• Right to restriction — request that we limit processing of your data
• Right to object — object to processing based on legitimate interest

To exercise any of these rights, email support@storesentinel.app. We respond within 24 hours.

7. Third-party services

We use the following third-party services to operate StoreSentinel:

• Railway — application and database hosting (EU region)
• Resend — email delivery for alerts and notifications
• Anthropic — AI-powered policy scanning and score explanations (Pro plan only). Product titles and descriptions may be sent to Anthropic's API (hosted in the United States) for policy compliance analysis. Anthropic does not retain this data beyond the API request. This transfer is governed by standard contractual clauses.

No data is sold to or shared with any other third parties.

8. Cookies

StoreSentinel uses only session cookies required for Shopify authentication. We do not use tracking cookies, analytics cookies, or advertising cookies.

9. Contact

For privacy questions, data requests, or GDPR inquiries, contact us at support@storesentinel.app. We respond within 24 hours.