ShopSentry — Privacy Policy

Effective Date: April 23, 2026

Last Updated: April 23, 2026

This Privacy Policy describes how Sonder Digital Pty Ltd ("ShopSentry," "we," "us," or "our") collects, uses, stores, and shares information when you use the ShopSentry platform, including our website, free store audit scanner, and paid monitoring service (collectively, the "Service").

By using the Service, you acknowledge that you have read and understood this Privacy Policy. This policy should be read alongside our Terms of Service.

1. Information We Collect

1.1. Information You Provide

• Account information: When you install the ShopSentry Shopify app, we receive your Shopify store name, store URL, store owner name, and email address via Shopify OAuth.
• Scanner submissions: When you use the free Scanner, we collect the store URL you submit and, if you opt in to receive your full report, your email address.
• Communication data: When you contact us for support or feedback, we collect your name, email address, and the content of your messages.
• Notification preferences: Your chosen alert channels (email addresses, Slack workspace details, SMS phone numbers) and notification settings.

1.2. Information We Collect Automatically

• Shopify Store data: Upon app installation and authorisation, we access Store data via the Shopify API as necessary to provide monitoring. This may include product data, order and checkout error data, theme and script information, and app installation data. We do not access customer payment information or personally identifiable customer data beyond what is necessary for checkout funnel monitoring.
• Monitoring and performance data: Site performance metrics (e.g., page load times, Core Web Vitals), HTTP error codes, broken links, script errors, redirect chains, and related technical data collected during monitoring scans.
• Usage data: How you interact with the ShopSentry dashboard, including pages viewed, features used, alert actions taken, and session duration.
• Device and browser data: IP address, browser type and version, operating system, device type, and referring URL when you visit our website or dashboard.
• Cookies and similar technologies: We use cookies and similar tracking technologies on our website and dashboard. See Section 7 for details.

1.3. Information from Third Parties

Shopify: Account and Store data provided through Shopify OAuth and the Shopify API.

Stripe: Billing status, subscription events, and limited payment metadata (e.g., last four digits of card, card brand, billing country) provided by Stripe in connection with your subscription. Full payment card details are handled by Stripe and are not provided to us.

Google APIs: Performance data from the Google PageSpeed Insights API, real-user performance data from the Chrome UX Report API, and Google Merchant Center account and product feed data from the Google Merchant API. See Section 10.2 for details.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Run monitoring scans, detect issues, calculate revenue impact estimates, and deliver alerts via your configured channels.
• Operate the Scanner: Analyse publicly accessible store data, generate audit reports, and deliver reports to your email if requested.
• Manage your Account: Authenticate your identity, manage your subscription, and communicate with you about your Account.
• Improve the Service: Analyse usage patterns, diagnose technical issues, and develop new features. We may use aggregated, de-identified Monitoring Data for this purpose.
• Communicate with you: Send transactional emails (alerts, account notifications, billing confirmations), and, where you have opted in, marketing communications about ShopSentry.
• Ensure security: Detect and prevent fraud, abuse, and unauthorised access.
• Comply with legal obligations: Respond to legal requests and enforce our Terms of Service.

3. How We Share Your Information

We do not sell your personal information or Store data to third parties. We may share information in the following circumstances:

3.1. Service Providers

We use third-party service providers to help operate the Service. These providers process data on our behalf and are contractually obligated to use it only for the purposes we specify. Key categories include:

• Cloud infrastructure: Amazon Web Services (AWS) for hosting, compute, and data storage.
• Database: Neon (serverless PostgreSQL) for application data storage.
• Billing: Stripe, Inc. for subscription payment processing.
• Email delivery: Transactional and alert email delivery providers.
• SMS delivery: SMS alert delivery providers.
• Analytics: Website and product analytics tools to understand usage patterns.

3.2. Slack Integration

If you connect Slack for alert delivery, we send alert data to your designated Slack workspace and channel(s). This data is then subject to Slack's privacy policy.

3.3. Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4. Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

3.5. Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you. For example, we may publish aggregate statistics about common Shopify store issues.

4. Data Retention

• Account and Monitoring Data: We retain your Account data and Monitoring Data for the duration of your active Subscription. Following termination or cancellation, we retain this data for 30 days to allow for data export requests, after which it is deleted.
• Scanner data: Scanner results and associated email addresses are retained for 12 months from the date of the scan, after which they are deleted.
• Usage and analytics data: Retained in aggregated or de-identified form for up to 24 months.
• Communication records: Support correspondence is retained for up to 24 months after your last interaction.
• Legal obligations: We may retain certain data for longer periods where required by law.

5. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

• Encryption of data in transit (TLS) and at rest.
• Access controls limiting employee access to personal data on a need-to-know basis.
• Regular security reviews of our infrastructure and code.
• Use of reputable, security-certified cloud infrastructure providers.

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

6.1. Access and Portability

You may request a copy of the personal information we hold about you, including your Monitoring Data, in a commonly used format.

6.2. Correction

You may request that we correct inaccurate or incomplete personal information.

6.3. Deletion

You may request that we delete your personal information. Note that we may retain certain data where required by law or for legitimate business purposes (such as resolving disputes).

6.4. Objection and Restriction

You may object to or request restriction of our processing of your personal information in certain circumstances.

6.5. Withdraw Consent

Where we rely on your consent to process personal information, you may withdraw that consent at any time.

6.6. Marketing Opt-Out

You may unsubscribe from marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting us. This does not affect transactional emails related to your Account or alerts.

6.7. Exercising Your Rights

To exercise any of these rights, contact us at support@shopsentry.io. We will respond within 30 days (or sooner where required by applicable law). We may need to verify your identity before processing your request.

7. Cookies and Tracking Technologies

7.1. What We Use

• Essential cookies: Required for the Service to function (authentication, session management). These cannot be disabled.
• Analytics cookies: Help us understand how visitors use our website and dashboard. We use these to improve the Service.
• Marketing cookies: Used only on our public website (not within the app dashboard) to measure the effectiveness of our marketing efforts.

7.2. Your Choices

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly. We honour Do Not Track (DNT) browser signals on our marketing website.

8. International Data Transfers

Our Service is hosted on infrastructure located in the United States (AWS us-east-2, Ohio). If you are accessing the Service from outside this region, your information may be transferred to, stored, and processed in a jurisdiction with different data protection laws than your own.

Where required by applicable law, we ensure appropriate safeguards are in place for international data transfers, such as standard contractual clauses.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

10. Platform-Specific Disclosures

10.1. Shopify

10.1.1. Shopify App Data Access

When you install ShopSentry, we request access to specific Shopify API scopes necessary to provide the Service. We only request the minimum scopes required. You can review and revoke app permissions at any time through your Shopify admin.

10.1.2. Customer Data

ShopSentry is a store monitoring tool. We do not collect, store, or process your customers' personal information (such as names, addresses, or payment details) except where checkout or cart error data may incidentally contain anonymised or aggregated transactional metadata necessary for funnel monitoring. We do not use any such data for purposes other than providing the monitoring service to you.

10.1.3. Shopify's Terms

Our use of Shopify data is also subject to the Shopify API Terms of Service and the Shopify App Store requirements. In the event of any conflict between this Privacy Policy and Shopify's requirements, Shopify's requirements prevail with respect to Shopify data.

10.2. Google APIs

ShopSentry integrates with Google services to provide performance monitoring and Google Shopping feed health monitoring. The specific Google APIs we access, the data we receive, and the purpose of use are as follows:

10.2.1. Google Merchant API

If you choose to connect your Google Merchant Center account, we request the https://www.googleapis.com/auth/content OAuth scope. We access your Merchant Center account and product feed data — including account identifiers, product feed status, disapproved products, feed errors, and policy violations — solely to monitor feed health, detect issues, and deliver alerts through the Service. We do not modify your product data and do not use this data for advertising purposes, to train generalised AI or machine learning models, or to develop, improve, or offer products or services unrelated to the Service.

10.2.2. Google PageSpeed Insights API

We use the PageSpeed Insights API to retrieve lab-based performance metrics and Core Web Vitals for store URLs scanned or monitored by the Service. This API does not require user authentication and no personal information is transmitted.

10.2.3. Chrome UX Report API

We use the Chrome UX Report API to retrieve aggregated, anonymised real-user performance data (field data) for store URLs. This API does not require user authentication and no personal information is transmitted.

10.2.4. Revoking Access

You may revoke ShopSentry's access to your Google Merchant Center account at any time via your Google Account permissions at https://myaccount.google.com/permissions.

10.2.5. Limited Use Compliance

ShopSentry's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell data obtained from Google APIs, do not use it for serving advertisements, do not allow humans to read the data except as required for security, to comply with applicable law, or with your explicit consent, and do not transfer the data to third parties except as necessary to provide and improve the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.

11. Agency Accounts

If you use ShopSentry under an Agency plan to monitor client Stores, you are the data controller for any personal information related to your clients and their Stores. You are responsible for:

• Obtaining appropriate authorisation from your clients to install and use ShopSentry on their Stores.
• Informing your clients about how their Store data is processed.
• Complying with applicable privacy laws in relation to your clients' data.

We process client Store data on your behalf as a data processor.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 14 days before they take effect. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@shopsentry.io
Website: https://www.shopsentry.io
Postal Address: U 7, 34 Charles Street, Parramatta, NSW 2150, Australia

This Privacy Policy was last updated on April 23, 2026.