Last updated: May 5, 2026

Privacy Policy

ShieldKit is a Shopify Embedded App that scans Shopify stores for Google Merchant Center compliance issues and surfaces AI-search visibility tools. This policy describes what data ShieldKit collects, how we use it, who we share it with, and how merchants can request deletion. Plain English first, then specifics.

Who runs ShieldKit

ShieldKit is built by Plucore. Questions about this policy or your data can go to hello@shieldkit.app.

Data we collect

When you install ShieldKit on your Shopify store, we collect and store:

• Shopify OAuth tokens. Encrypted with AES-256-GCM before being written to our database. Used solely to make Shopify Admin API calls on your store's behalf.
• Shop metadata. Domain, shop name, billing address country, currency, primary locale — read from the Shopify Admin API at scan time so we can run compliance checks against your store's configuration.
• Scan results. Compliance scores, individual check results, the URLs we fetched, the HTML snippets we analysed, and any violation details we surfaced. Linked to your shop ID.
• Billing state. Plan tier, billing cycle, Shopify subscription identifier, subscription start time. We do not see or store credit card details — Shopify handles all payment data.
• Merchant-supplied content. Anything you type into the app: AI-policy-generator inputs, GMC re-review appeal letter inputs, Shield Max settings (logo URL, social URLs, etc.), AI bot allow/block preferences.
• Lead email. The shop owner's email address (read from shop.email via the Shopify Admin API) is stored once at first scan to send the weekly health digest.

ShieldKit does not collect or store any data about your store's customers. We do not read order data, customer profiles, addresses, or payment records. The GDPR customers/data_request and customers/redact webhooks return HTTP 200 immediately because we have nothing to return or delete.

How we use the data

• Run the 12-point compliance scan and generate fix instructions.
• Generate AI-assisted store policies and GMC appeal letters using Anthropic's Claude API. Inputs you provide are sent to Anthropic's API for inference; we do not retain them after the response is returned beyond the database row that stores the generated artifact.
• Send the weekly health digest email when you're on a paid plan.
• Cache an llms.txt file for Shield Max merchants so AI search agents can discover your products and policies.
• Operate the app: authentication, billing reconciliation, error logging.

Data we share

We do not sell, rent, or share your data with third parties for marketing or any commercial purpose. The only third parties that touch your data are infrastructure subprocessors required to run the app:

• Supabase — primary database (PostgreSQL). All scan results, billing state, and encrypted OAuth tokens live here.
• Vercel — application hosting and Cron job execution.
• Anthropic — Claude API for AI policy generation and appeal letter drafting. Inputs you provide for these features are sent to Anthropic for inference.
• Resend — transactional email delivery for the weekly health digest.
• Google PageSpeed Insights — public storefront URLs are submitted to Google's PageSpeed API as part of compliance check #9. No private store data is sent.
• Shopify — for billing, webhooks, and the Admin API calls that drive the scanner.

Data retention

We retain data for as long as the app remains installed on your shop.

• When you uninstall ShieldKit, your Shopify session is deleted immediately and your merchant row is soft-deleted (marked with anuninstalled_at timestamp). Scans, violations, and digest history are kept for the 48-hour window Shopify gives merchants to reinstall before the GDPR shop/redact webhook fires.
• When the shop/redact webhook fires (typically 48 hours after uninstall), we hard-delete your merchant row and everything that cascades: scans, violations, billing history, Shield Max settings, digest email logs, and AI-generated artifacts.
• Database backups are retained for 7 days by Supabase. After 7 days a deleted record is gone from backups too.

Your rights

• Access: request a copy of the data we hold about your store by emailing hello@shieldkit.app.
• Deletion: uninstall the app — within 48 hours everything is hard-deleted by the Shopify shop/redact webhook. You can also email us to request immediate deletion.
• Correction: most settings are editable inside the app. For data you can't edit yourself (e.g. cached scan history), email us.
• GDPR / CCPA / UK GDPR: the rights above apply to residents of the EEA, UK, and California. Contact us at the email above to exercise them.

Security

Shopify OAuth tokens are encrypted at rest with AES-256-GCM before being written to the database. Database access uses Supabase's service role key, scoped server-side; the key never reaches the browser. Application traffic is HTTPS-only. We follow the principle of least privilege when requesting Shopify API scopes — see your store's Apps & sales channels page for the exact scopes ShieldKit requests.

Changes to this policy

We update this page when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted in the app or via a one-time email to your shop owner address.