Back to Home

Privacy Policy

Last Updated: March 2026

1. Introduction

MerchantShield ("we," "our," or "us") operates the website merchantshield.ai and the MerchantShield platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, and authentication credentials through our OAuth provider.

Store Data: When you connect your Shopify store, we access store pages, product data, and theme information solely for the purpose of running compliance audits. We do not store raw page content beyond what is necessary for audit reports.

Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers, CVV codes, or full card details. We retain only Stripe customer IDs and transaction references.

Usage Data: We collect anonymized usage data including pages visited, features used, and audit frequency to improve our service.

Lead Information: If you use our free audit tool, we collect your email address and store URL.

3. How We Use Your Information

  • To provide and maintain our compliance audit and monitoring services
  • To process payments and manage subscriptions
  • To send transactional emails (audit results, alerts, account notifications)
  • To improve our audit algorithms and service quality
  • To respond to support requests

    • We do not sell, rent, or share your personal information with third parties for marketing purposes.

    4. Data Retention

  • Account data is retained while your account is active and for 30 days after deletion
  • Audit reports are retained for 12 months
  • Payment records are retained as required by law
  • Lead data (free audit) is retained for 12 months

    • 5. Data Security

    We use industry-standard encryption (TLS 1.3) for all data in transit. Sensitive credentials (API tokens) are encrypted at rest. Our infrastructure is hosted on secure cloud platforms with SOC 2 compliance.

    6. Third-Party Services

    We use the following third-party services:

  • Stripe for payment processing
  • Shopify API for store data access (with your authorization)
  • Google Merchant Center API for GMC status (with your authorization)

    • Each service has its own privacy policy governing their use of your data.

    7. Your Rights

    You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of marketing communications

    • To exercise these rights, contact us at [email protected].

    8. GDPR Compliance

    For users in the European Economic Area, we process data under the legal basis of contract performance (for service delivery) and legitimate interest (for service improvement). You may contact our data protection team at [email protected].

    9. CCPA Compliance

    California residents have additional rights under the CCPA, including the right to know what data we collect and the right to request deletion. We do not sell personal information.

    10. Changes to This Policy

    We may update this policy from time to time. We will notify you of material changes via email or in-app notification.

    11. Contact

    For privacy-related inquiries: [email protected]