Privacy Policy

On-page scan data. When you click the extension on a storefront, it reads publicly available page content — loaded script URLs, global JavaScript variables, DOM markers, runtime JavaScript errors, and basic performance timings — to detect installed apps and compute a health score. This is the same information any visitor’s browser already receives from the page.

Account data. If you purchase a paid plan, we store your email address and a generated license key. Payment is processed by our payment provider (Razorpay); we never see or store your card details.

Saved scans (Pro/Agency). If you save a store or scan, we store the scan result (store URL, page type, health score, detected apps, conflict and error counts) linked to your license key, so you can view history and trends.

Operational data. We keep minimal logs (e.g. request timestamps and rate-limit counters) to keep the service reliable and prevent abuse.

• We do not collect your browsing history. The extension only acts on the tab when you click it, and only reads the storefront page in front of you.
• We do not read or transmit your Shopify admin, customer lists, orders, or any logged-in session data.
• We do not collect payment card details — those go directly to Razorpay.
• We do not sell, rent, or share your personal data with third parties for advertising.

The extension requests only the permissions it needs to scan the page you’re viewing:

• activeTab & scripting — to run the scan on the store tab when you click the icon.
• storage — to cache your plan and license key locally so the extension works offline.
• tabs — to know which store you’re currently viewing.
• alarms — to schedule lightweight background checks for monitored stores.
• host access (https) — so the scan can run on any Shopify storefront you choose to check.

• To compute and display your store’s health score and conflicts.
• To deliver your license key by email and validate your plan.
• To store scan history and run daily monitoring (Pro/Agency), including score-drop alert emails.
• To send transactional and account emails (license delivery, monitoring alerts, weekly digest).
• To prevent abuse and keep the service running.

When you request a plain-English explanation of a conflict or error (a Pro feature), the relevant conflict/error details are sent to our AI provider (Anthropic) to generate the explanation. We do not send your email, license key, or any personal identifiers with that request.

Account and scan data are stored in our database (Supabase) and accessed only by our backend. We share data only with the processors needed to run the service: Razorpay (payments), Resend (email delivery), Anthropic (AI explanations), and our hosting provider (Vercel). Each receives only what it needs for its function.

Saved scan results are automatically deleted after 90 days. Your account record (email, license, plan) is retained while your account is active and for a reasonable period afterward for billing and support. You can request deletion at any time (see below).

You can access, correct, export, or delete your data by emailing us. To delete locally cached data, remove the extension or clear its storage from your browser. To delete your account and saved scans, email [email protected] from your account email.

ShopifyGuard is a business tool and is not directed at children under 16. We do not knowingly collect data from children.

We may update this policy as the product evolves. Material changes will be reflected by a new effective date at the top of this page.

Questions about privacy or your data? Email [email protected].