Privacy Policy
Last updated: June 09, 2026
1. Who we are
StoreRadar is a small operation that sells a one-time CSV snapshot of publicly available Shopify-store data. This policy explains two things: what data we collect from buyers, and what data is inside the product we sell.
2. Data we collect from buyers
When you buy the File, we collect:
- Email address — collected at Stripe checkout, used to send your download link and any refund or re-issue correspondence.
- Payment metadata — Stripe handles the card. We see only what Stripe shows us: amount, country, last four digits of the card, billing email. We never see or store your full card number.
- Download events — when the signed link is opened, we log a timestamp and IP address. This is how we detect abuse (e.g., a link being shared widely) and how we prove a delivery happened if a chargeback is filed.
- Watermark identifier — every File we deliver is watermarked with a buyer-specific identifier embedded across the rows. This lets us trace a leaked copy back to the original buyer.
We do not run remarketing pixels, ad trackers, or session replay. Basic privacy-respecting analytics (page views, referrers) may be used to understand traffic. No third-party advertising cookies.
3. How we use buyer data
- Deliver the File you paid for.
- Re-issue your download link if you ask within 30 days.
- Respond to support, refund, or legal requests.
- Keep a record of the purchase for accounting and tax compliance.
- Detect and respond to abuse (excessive downloads, leaked files, fraudulent chargebacks).
We do not sell buyer data. We do not add buyers to a marketing list without asking. If you bought the File you might get one follow-up email asking how it went — that's it.
4. Sub-processors
A short list:
- Stripe — payment processing.
- Our email provider (transactional email for download links and support replies).
- Our hosting provider and object storage (where the signed File lives).
Each processes data on our instructions to deliver the service. Vendor names available on request.
5. Retention
- Purchase records (email, Stripe charge ID, amount, date): retained for 7 years for tax and accounting.
- Signed download tokens: active for 7 days, re-issuable for 30. Tokens are deleted or invalidated after that.
- Download event logs: retained for 12 months, then deleted or aggregated.
- Support emails: retained as long as needed to handle the conversation and any follow-up, typically up to 24 months.
6. What's inside the File
The File is a dataset about Shopify stores compiled from publicly accessible storefront pages — the same pages anyone can visit by typing the store URL into a browser. Typical fields include:
- Store domain, store name, and storefront metadata
- Public business contact information posted by the store (email addresses, phone numbers from contact, about, and footer pages)
- Tech and platform signals (apps installed, themes, payment providers, etc. as visible in public source)
- Country, currency, language, and other public commerce signals
We do not include data that requires logging in to a Shopify admin. We do not include consumer/shopper data. The data subjects are businesses and the contact details those businesses chose to publish.
7. Legal basis (GDPR / UK GDPR)
Where the data inside the File constitutes personal data under EU/UK law (e.g., a sole-trader storefront where the business email is a personal name), we process it under legitimate interest — building a B2B dataset of publicly published business contact information — balanced against the data subject's rights, which we honor through our removal process.
For buyer data (email, payment metadata, download logs), our legal basis is contract (delivering what you paid for) and legitimate interest (fraud prevention, anti-abuse, record-keeping).
8. Your rights
If you're in the EU, UK, California, or another jurisdiction with data-subject rights, you can:
- Access — ask what we hold about you.
- Correct — ask us to fix inaccurate data.
- Delete — ask us to remove your data.
- Object — object to our processing under legitimate interest.
- Portability — get a copy of your buyer record in a portable format.
Shopify store owners: use the dedicated form at /removal-request. It's the fastest path to having your store excluded from future snapshots.
Honest limit: we honor removal requests for future snapshots within 14 days. We cannot recall or modify copies of the File that have already been downloaded by buyers. This is a known consequence of selling data as a file rather than as a hosted API.
For any other request, email jeanro@storeradar.io.
9. International transfers
Our infrastructure and team may be located outside your country. Where applicable, transfers of personal data out of the EU/UK rely on Standard Contractual Clauses with our sub-processors.
10. Children
The product is sold to businesses and adults. It is not directed at children, and we do not knowingly collect data from anyone under 16.
11. Changes to this policy
We may update this policy over time. Material changes will be reflected in the "last updated" date at the top.
12. Contact
Privacy questions, data requests, or anything else: jeanro@storeradar.io.