Privacy Policy
Store Health Check — last updated 2026-05-26
1. Introduction
Store Health Check (“the App,” “we,” “us,” or “our”) is a Shopify app that performs a read-only diagnostic scan of your Shopify store and computes a Store Health Score based on approximately 19 deterministic checks across four categories: Compliance & Trust, Catalog, Conversion, and Polish & SEO. A paid Pro tier additionally offers a small number of reversible one-click fixes.
This Privacy Policy explains what information the App accesses from your Shopify store, what we store in our database, how we use it, who we share it with, how long we keep it, and what rights you have over it. Please read it carefully. By installing the App you agree to the practices described here.
This policy covers merchants (Shopify store owners and their staff) who install or use the App. It does not cover the practices of Shopify, Inc. itself — see Shopify’s Privacy Policy for that.
2. What the App Does and Why It Reads Store Data
To compute your Store Health Score the App reads certain configuration metadata from your Shopify store via the Admin API. The App is designed with strict data minimization in mind: it reads only the specific metadata required to evaluate each check, and it deliberately does not request access to customer personal data, financial data, or order data.
Specifically, the App is granted the following Admin API access scopes:
- read_products — used to evaluate catalog checks (e.g. whether products have featured images, description lengths, whether product type and SEO meta description fields are populated, image alt-text counts, Online Store publication status).
- read_content — used to evaluate page presence checks (e.g. whether the store has an About Us or Contact page, identified by handle and title only).
- read_shipping — used to evaluate shipping configuration checks (e.g. whether at least one shipping zone and rate exists).
- read_themes — used to evaluate the favicon check (whether the active theme has a favicon asset configured). The App reads only the theme’s favicon setting, not your full theme code.
- read_legal_policies — used to evaluate whether each required store policy (Refund Policy, Privacy Policy, Terms of Service, Shipping Policy) has been created and has a non-trivial body length. The App reads only which policy types exist and the character length of their body text, not the policy text itself.
- read_locales — read_online_store_pages — used to evaluate page-level checks (whether the necessary pages exist, by handle/title).
The App does not request and does not read: customer personal data, order data, draft orders, financial reports, metafields (except where required by the checks listed above), staff account details, payout information, or your theme source code beyond the favicon configuration setting.
3. What We Store
After a scan, the App persists the following information to our database:
3.1 Store identifier
Your store’s .myshopify.com domain (e.g. your-store.myshopify.com). This is the primary key that associates all other stored data with your store. We do not store your store’s public-facing custom domain.
3.2 Store Snapshot
A snapshot is the set of metadata values read from your store at scan time. Specifically, for each scan we store:
- Per-product booleans and numeric counts: whether each product has a featured image; the character length of each product’s description (not the description text itself); whether each product has a product type set; whether each product has an SEO meta description; the count of images with alt text for each product; whether each product is published to the Online Store channel; and each product’s numeric Shopify ID (used as a foreign key, not a customer-identifying value).
- Collection counts: the total number of collections and the number of products in each collection (by collection ID and product count).
- Policy metadata: which of the four standard Shopify policy types (Refund Policy, Privacy Policy, Terms of Service, Shipping Policy) exist on the store, and the character length of each policy’s body. We do not store the policy text.
- Theme settings: whether the active theme has a favicon configured (boolean).
- Page metadata: the handle and title of pages on the Online Store channel, used to determine the presence of standard pages (About Us, Contact Us, etc.).
- Shipping metadata: the count of shipping zones and the count of rates within each zone.
- Business address: a boolean indicating whether a business address is set on the store.
- Store contact email: the store’s public-facing contact email address, used for the “contact email present” check.
We do not store: product titles, descriptions, images, URLs, prices, inventory levels, SKUs, vendors, tags, or any other product text content beyond the lengths and booleans listed above. We do not store customer names, email addresses, phone numbers, physical addresses, order history, payment information, or any other customer personal data. We do not store your theme templates, Liquid code, CSS, or JavaScript.
3.3 Scan results
The results of each check (pass / partial / fail / n/a), the computed Store Health Score, and the timestamp of each scan are stored so you can view your score history.
3.4 Work Ledger (Pro tier)
For merchants on the Pro plan, when you apply an autofix, the App logs an entry to a Work Ledger that records: which fix was applied, the timestamp, and the previous value of the field that was changed (so the fix can be undone). For example, if the App sets a missing image alt text, it records the product ID, image ID, and the fact that the previous alt text was empty. This prior-value log is retained for as long as your data is retained (see section 5) and is deleted together with the rest of your store data on uninstall or upon a GDPR deletion request.
3.5 Session data
The App stores Shopify session tokens in the database for the duration of your installation. These tokens are used solely to authenticate requests from your store’s admin to our servers. They are purged on uninstall.
4. How We Use the Data
We use the data described above solely to:
- Compute and display your Store Health Score and the individual check results to you (the merchant) within the App.
- Provide scan history so you can track improvement over time.
- Execute and record autofix actions (Pro tier) and provide an undo mechanism.
- Respond to Shopify’s mandatory GDPR compliance webhooks (see section 7).
- Diagnose errors in our application via our error-monitoring service (see section 6 — sub-processors). Error reports do not contain merchant product content or customer data.
We do not use your store data for advertising, for training any AI or machine-learning model, for any form of profiling, or for sale or transfer to third parties.
We do not use any third-party AI or large-language-model (LLM) processors in the processing of your store data. The Store Health Score is computed entirely by deterministic logic running on our servers.
5. Data Retention
Your store’s data (the store snapshot, scan results, Work Ledger, and session data) is retained for as long as the App is installed on your store.
When you uninstall the App, we receive a Shopify app/uninstalled webhook. At that point we mark your store record as inactive and stop processing. We retain the data for up to 30 days after uninstall in order to support reinstalls — if you reinstall within 30 days, your scan history is preserved. After 30 days the data is automatically and permanently deleted.
Upon receipt of a Shopify shop/redact GDPR webhook (which Shopify sends 48 hours after uninstall at the earliest, and up to 90 days later), your store’s data is deleted immediately, regardless of the 30-day window described above.
6. Sub-Processors and Hosting
We rely on the following third-party sub-processors to operate the App:
- Shopify, Inc. — Platform operator and provider of the Admin API through which we read your store’s metadata. Shopify processes data under its own DPA and privacy policy. See Shopify Privacy Policy.
- Railway, Inc. — Cloud hosting provider for our application server and PostgreSQL database. Your store’s snapshot and scan data reside in a PostgreSQL database on Railway infrastructure. Railway’s data centers are located in the United States. See Railway Privacy Policy.
- Sentry (Functional Software, Inc.) — Application error monitoring. When enabled, Sentry receives error reports from our server that include stack traces and request context. These reports do not include your product content, policy text, or customer data. See Sentry Privacy Policy. Error monitoring is only active when the SENTRY_DSN environment variable is configured.
We do not use any other sub-processors. We do not send your store data to any analytics service, advertising network, data broker, or AI/LLM provider.
7. GDPR, CCPA, and Mandatory Compliance Webhooks
7.1 GDPR compliance webhooks
Shopify requires all apps to honor three mandatory compliance webhooks. We implement all three:
- customers/data_request — A merchant’s customer may request a copy of their personal data held by apps installed on that store. Because Store Health Check does not collect, store, or process any customer personal data (we do not receive customer records, order data, or any information tied to an individual customer), our response to this webhook is: no personal data is held for the named customer.
- customers/redact — A merchant’s customer may request deletion of their personal data held by apps. As above, we hold no customer personal data; our handler for this webhook confirms deletion (no data is held to delete).
- shop/redact — Sent by Shopify after a store uninstalls and requests data deletion. Upon receipt, we permanently and immediately delete all data associated with the .myshopify.com domain identified in the webhook payload: the store record, all scan snapshots, all scan results, the Work Ledger, and all session data.
7.2 Your rights as a merchant (GDPR / CCPA)
If you are located in the European Economic Area, the United Kingdom, or California, you may have additional rights regarding your data, including:
- Right of access — You may request a copy of the data we hold about your store.
- Right to erasure — You may request deletion of your store’s data. The most direct way to exercise this right is to uninstall the App (Shopify will subsequently send us the shop/redact webhook, which triggers deletion). You may also contact us directly.
- Right to rectification — If any data we hold is inaccurate, you may request correction. In practice, the data we hold is computed from your store at scan time; re-scanning produces a fresh accurate snapshot.
- Right to portability — You may request a machine-readable export of your scan data.
- Right to object — You may object to our processing of your data. The primary mechanism is uninstalling the App, which terminates processing.
To exercise any of these rights, contact us at support@store-health-check.example. We will respond within 30 days.
8. International Data Transfers
Our application servers and database are hosted on Railway’s infrastructure, which is located in the United States. If you are based outside the United States, your store metadata is transferred to and processed in the United States when you use the App. We rely on Shopify’s standard data-processing agreements and Railway’s data-processing terms to provide appropriate safeguards for such transfers where applicable under GDPR.
9. Security
We implement the following security measures to protect the data we store:
- All communication between your Shopify store and our servers takes place over HTTPS/TLS.
- All webhook payloads from Shopify are verified using HMAC-SHA256 before processing.
- App Bridge session tokens are verified cryptographically on every authenticated request.
- Access to our production database is restricted to our application server; it is not publicly accessible.
- We do not log the content of webhook payloads that contain merchant or customer information beyond the store domain identifier.
No method of electronic storage or transmission is 100% secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee absolute security.
10. Children’s Privacy
The App is a business-to-business service intended for Shopify merchants (businesses and business operators). It is not directed at children under the age of 13 (or 16 where applicable under local law), and we do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “last updated” date at the top of this page. For material changes, we will notify merchants via the App’s in-app interface or by email to the store contact address. Continued use of the App after a policy change constitutes acceptance of the updated policy.
12. Contact Us
For any questions about this Privacy Policy, to exercise your data rights, or to report a privacy concern, please contact us at:
support@store-health-check.example
We aim to respond to all privacy-related inquiries within 30 calendar days.
© 2026 Store Health Check. All rights reserved.