Privacy Policy

Effective date: March 18, 2026

Overview

StorePulse ("the App") is operated by Optimal Works ("we", "us", or "our"). This privacy policy describes how we collect, use, store, and protect information when you install and use the App on your Shopify store. By installing the App, you agree to the practices described in this policy.

Information We Collect

When you use the App, we access the following data from your Shopify store through the Shopify Admin API:
  • Order data: order totals, refund records, creation dates, customer names, email addresses, and billing/shipping addresses
  • Product data: product status and inventory counts
  • Dispute and payout data: if available through Shopify Payments

This data is processed in real time to calculate compliance metrics and is not persisted in our database. We do not collect data from your customers directly.

Information We Store

We store only the minimum data required for the App to function:
  • Shopify session tokens: required for authenticating your store with the App
  • Per-store threshold settings: your custom compliance thresholds, configurable in the Settings page

We do not store customer personal information, payment card details, order history, or any customer-facing data in our database.

How We Use Information

Data accessed through the Shopify API is used solely to:
  • Calculate your store's compliance health score
  • Detect suspicious activity patterns (address mismatches, unusual order values, duplicate emails)
  • Generate actionable warnings and recommendations
  • Display real-time metrics on your dashboard

Data Sharing

We do not sell, rent, trade, or otherwise share your data with any third parties. Your data is never used for advertising, marketing, or profiling purposes. The only external service your data is transmitted to is Shopify's own API, from which it originates.

Cookies and Tracking

The App does not use cookies, local storage, or any tracking technologies. We do not track your browsing behavior, and we do not use any third-party analytics services within the App.

Data Retention and Deletion

  • Session tokens and store settings are retained only while the App is installed.
  • When you uninstall the App, all associated data (sessions and settings) is automatically deleted via the APP_UNINSTALLED webhook.
  • In compliance with Shopify's requirements, all remaining store data is purged within 48 hours of uninstallation via the SHOP_REDACT webhook.
  • You may also request data deletion at any time by contacting us (see Contact section below).

Your Rights

You have the right to:
  • Access: Request a copy of any data we store about your store
  • Correction: Request correction of any inaccurate data
  • Deletion: Request deletion of all your data at any time, or simply uninstall the App
  • Portability: Request your data in a machine-readable format
  • Withdraw consent: Uninstall the App at any time to revoke all data access

To exercise any of these rights, contact us at the email address listed below. We will respond within 30 days.

GDPR Compliance

For merchants and customers in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). We support Shopify's mandatory GDPR webhooks:
  • Customer data request: We confirm that no customer personal data is stored in our systems
  • Customer data erasure: No action is required as we do not store customer personal data
  • Shop data erasure: All session and settings data is deleted

CCPA Compliance

For merchants in California, we comply with the California Consumer Privacy Act (CCPA). We do not sell personal information. You have the right to know what data we collect, request deletion, and opt out of any sale of personal information (though we do not sell any data). To make a CCPA request, contact us at the email address listed below.

Security

We take reasonable measures to protect your data:
  • All communication between the App and Shopify uses HTTPS/TLS encryption
  • Authentication is handled via Shopify's secure token exchange protocol
  • Database access is restricted to authenticated sessions only
  • We do not store sensitive credentials or payment information

Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by updating the "Effective date" at the top of this page and, where possible, provide notice through the App. Your continued use of the App after changes are posted constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or wish to exercise your data rights, contact us at:
Optimal Works
Email: privacy@optimalworks.com