Privacy Policy

Last updated: March 27, 2026

GMC Store Readiness Scanner ("the App") is a Shopify embedded application that helps merchants assess their store's readiness for Google Merchant Center. This policy explains what data we access, how we use it, and how we protect it.

1. Data We Access

When you install the App, we request the following Shopify API permissions:

Products (read-only) — to check product data quality (titles, descriptions, images, pricing, inventory).
Legal Policies (read-only) — to verify that required policies (refund, shipping, privacy, terms of service) are published.
Online Store Pages (read-only) — to check for important pages like contact and about pages.
Online Store Navigation (read-only) — to verify that key pages are accessible from your store's navigation.

We also crawl your public storefront URL to check for SSL certificates, page load performance, structured data, and other technical requirements.

2. AI-Powered Analysis

The App uses Google's Gemini API to perform intelligent analysis of your store content, including business name consistency, policy quality, product content, and compliance checks. During a scan:

Your store name, email, address, and currency from Shopify admin settings are sent to the Gemini API.
Storefront page text (homepage, about, contact, and policy pages) is sent for content analysis.
Product titles, descriptions, and types (up to 10 products) are sent to check for quality issues.

This data is sent to Google's Gemini API exclusively for real-time analysis. We use a paid API tier — Google does not use your data to train its AI models. No store data is retained by Google after the API response is returned. The AI analysis results are used only to generate your scan report and are not stored separately from your scan results.

3. Data We Store

We store the following data in our database:

Shop domain — to associate scans with your store.
Scan results — scores, check outcomes, and category breakdowns from each scan you run.
Billing events — subscription status and plan changes for billing management.
Shopify session tokens — to authenticate your requests to the App.

We do not store your product data, customer data, order data, or any personal information about your customers. Product and policy data is read during a scan and discarded after the scan completes — only the pass/fail results are retained.

4. Customer Data

The App does not access, collect, or store any data about your customers. We have no access to customer names, emails, addresses, orders, or any personally identifiable information of your buyers.

5. How We Use Your Data

Your data is used exclusively to:

Run compliance scans and generate readiness scores.
Perform AI-powered content analysis via the Gemini API during scans.
Display scan history and comparisons within the App.
Generate PDF reports when requested.
Manage your subscription and billing status.

6. Third-Party Services

The App uses the following third-party services to operate:

Google Gemini API — for AI-powered content analysis during scans. Data is processed in real-time and not retained by Google. We use a paid tier that prevents data from being used for model training. See Google's Gemini API Terms.
Railway — for application and database hosting. All data is stored in secured infrastructure with encrypted connections.
Shopify — for authentication, billing, and store data access via the Admin API.

We do not sell, rent, or share your data with any other third parties. We do not use your data for advertising or marketing purposes.

7. Data Retention

Scan results and billing history are retained for as long as the App is installed on your store. When you uninstall the App, all associated data (shop record, scan results, check results, billing events, and session data) is automatically and permanently deleted.

If you request data deletion through Shopify's GDPR mechanisms, we process the request and delete all data associated with your shop.

8. Data Security

Your data is stored in a secured PostgreSQL database hosted on Railway. All communication between the App and Shopify uses HTTPS encryption. Access to the database is restricted to the application only; no manual or third-party access is enabled.

9. GDPR Compliance

We support all mandatory Shopify GDPR webhooks:

Customer data request — we acknowledge and confirm we do not store customer data.
Customer data erasure — we confirm no customer data exists to delete.
Shop data erasure — we delete all shop-associated data (scans, results, billing events, sessions).

10. Your Rights

You may at any time:

Uninstall the App to trigger automatic deletion of all your data.
Contact us to request a copy of your stored data.
Contact us to request manual deletion of your data.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date.

12. Contact

If you have questions about this privacy policy or your data, contact us at: support@velvetdevelopment.com