Last updated: March 2026
Account Information:
- Email address (for account creation and communication)
- Password (encrypted hash)
- Registration timestamp
Onboarding Data:
- Store URL (public information)
- E-commerce platform (Shopify, WooCommerce, etc.)
- Customer regions/countries
- Revenue range
- AI tools used
- Industry type
Technical Data:
- IP address (for rate limiting and security)
- Browser type and version
- Device information
- Usage patterns and session duration
Scan Results:
- Compliance analysis results
- Risk scores and violation counts
- Timestamp and duration
Primary Purpose:
- Generate compliance reports for your store
- Provide educational compliance analysis
- Maintain and improve our service
Communication:
- Send account-related notifications
- Provide customer support
- Send important service updates
Analytics:
- Aggregate usage statistics
- Improve AI analysis accuracy
- Monitor service performance
Security:
- Prevent fraud and abuse
- Enforce rate limits
- Protect user accounts
We DO NOT:
- Sell personal data to third parties
- Use data for advertising targeting
- Share data with data brokers
- Create individual user profiles beyond service needs
Storage Provider:
- Supabase (built on PostgreSQL)
- AWS infrastructure (US-East region)
- SOC 2 Type II certified
Security Measures:
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.3)
- Regular security audits
- Access controls and authentication
- Automated backups
Data Retention:
- Account data: Retained until account deletion
- Scan results: Retained for 365 days after last scan
- IP addresses: Retained for 30 days for security
- Deleted data: Permanently removed within 30 days
AI Service Provider:
- OpenAI API (for compliance analysis)
- Data processed for analysis only
- Not used for model training
- Data deleted after processing (max 30 days)
- DPA in place with OpenAI
Infrastructure:
- Supabase (database and authentication)
- Vercel (application hosting)
- AWS (underlying infrastructure)
All processors are GDPR and CCPA compliant.
Right to Access (Article 15):
- Request copy of your personal data
- Know how we use your data
- Know who we share data with
Right to Rectification (Article 16):
- Correct inaccurate personal data
- Complete incomplete data
Right to Erasure (Article 17):
- Request deletion of your data
- "Right to be forgotten"
- Exceptions for legal obligations
Right to Portability (Article 20):
- Receive data in machine-readable format
- Transfer to another service
Right to Object (Article 21):
- Object to direct marketing
- Object to processing for legitimate interests
To exercise these rights, email: privacy@storecomply.com
Response time: Within 30 days
Essential Cookies:
- Authentication tokens
- Session management
- Security preferences
Analytics Cookies:
- Google Analytics (optional)
- Anonymous usage statistics
- Performance monitoring
We DO NOT use:
- Advertising cookies
- Cross-site tracking cookies
- Social media tracking pixels
Cookie Consent:
- Banner displayed on first visit
- Preference saved for 1 year
- Can change preferences anytime
Data Processing Locations:
- Primary: United States (AWS US-East)
- Backup: Multiple AWS regions
Legal Basis for Transfer:
- Standard Contractual Clauses (SCCs)
- GDPR Article 46 safeguards
- Adequacy decisions where applicable
EU Users:
- Additional protections for EU data
- Right to object to transfers
- Contact privacy@storecomply.com for concerns
In Case of Data Breach:
- Notification within 72 hours (GDPR)
- Email notification to affected users
- Clear description of breach
- Steps taken to address breach
- Recommendations for users
Prevention Measures:
- Regular security audits
- Employee training
- Incident response plan
- Encryption and access controls
Our service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will delete it immediately.
We may update this privacy policy from time to time. We will notify users of significant changes by:
- Email notification
- Website banner
- In-app notification
Next review: September 2026
Privacy Questions:
- Email: privacy@storecomply.com
- Response time: Within 30 days
Data Protection Officer:
- Email: dpo@storecomply.com
- For GDPR-related inquiries
Business Address:
- StoreComply
- [Your Business Address]
- [City, Country, Postal Code]