Privacy Policy
The extension cannot read your browsing. It never touches page contents, form inputs, or history. It collects browser performance metrics and public storefront signals. Your clients and audit history live in your own browser, and account data is stored in the EU (Frankfurt). Our website uses Google Analytics to count visits in aggregate; the extension itself has no analytics.
Who we are
ShopGrade provides a Chrome extension and website (shopgrade.in) that audit publicly accessible Shopify storefronts. For anything privacy-related, contact support@shopgrade.in.
What the extension does NOT collect
This matters most, so it goes first. The ShopGrade extension does not read or collect:
- The contents of pages you visit (request or response bodies)
- Anything you type: form inputs, passwords, or messages
- Your browsing history
When it audits a store, it collects the browser's own performance metrics (such as Core Web Vitals) and public storefront signals: scripts, detected apps, and page-structure information that any visitor's browser can see. It also captures screenshots of the audited store's public homepage and product page so the AI can review layout, copy and SEO. These are pages any visitor can see, never your other tabs, personal accounts, or anything you type.
Data we collect
- Account data: your email address and name, stored with Appwrite in the Frankfurt (EU) region.
- Anti-abuse device signal: a per-install identifier and a coarse SHA-256 device hash, used only to prevent free-trial farming across accounts. It is not used for tracking, profiling, or advertising.
- Usage data: your plan, billing period, monthly report-generation quota and any pay-as-you-go report credits, so we can meter the Service.
- Billing data: when you subscribe or buy report credits, we store the Paddle customer and subscription identifiers and your subscription status so we can grant your plan, renew it, apply credits, and let you manage or cancel it. Card and payment details are held by Paddle, not by us.
- Store URLs you audit: the address of the storefront being measured, needed to run the audit.
- Audit screenshots: images of the audited store's public homepage and product page, captured during an audit and sent for AI review. They show only the public storefront, with no personal data.
- Team data (Agency): if you join or run a shared workspace, we store who belongs to which team so quotas and credits can be shared. The workspace owner can see members' names and email addresses, and invitations are emailed to the address the owner enters.
We do not run third-party advertising or sell personal data. Payments, subscriptions and credit purchases are processed entirely by Paddle, our Merchant of Record. We never see or store your card number.
Where your data lives
- Leads & audit history: stored locally in your own browser's storage, on your device, not on our servers.
- Shared report links: when you create a shareable link, that report's data is stored on our backend so the link works. Delete the link and the data goes with it.
- Account & quota data: Appwrite, Frankfurt (EU).
Website analytics & cookies
Our website (shopgrade.in) uses Google Analytics 4 to understand aggregate traffic: how many people visit, which pages they view, and which channels send them. This is only used to improve the site. Google Analytics sets analytics cookies and processes data such as a randomized identifier, pages viewed, approximate location (derived from a truncated IP address that Google does not store), and device, browser and referral information.
We use Google Analytics only to measure site traffic. We do not enable its advertising features, do not build cross-site profiles, and do not combine analytics data with the account details you give us. We run no advertising or ad-targeting cookies. This applies to the website only; the extension contains no analytics and sets no cookies.
You can opt out at any time using Google's Analytics opt-out browser add-on or by blocking analytics cookies in your browser. Google's handling of this data is described in the Google Privacy Policy.
Third-party processors
We use a small set of processors, each for one job:
- Paddle: payments and billing, acting as Merchant of Record.
- Google Analytics: aggregate website-traffic measurement for shopgrade.in, without advertising features (see "Website analytics & cookies" above).
- OpenAI: audit metrics and screenshots of the audited store's public pages are sent for AI analysis when you generate a report. No personal data is included, only the public storefront and its measured signals.
- Google PageSpeed Insights API: receives the store URL to fetch real-world field data (CrUX).
- Resend: sends transactional email on our behalf: store-monitoring alerts (only if you enable monitoring) and team-workspace invitations.
- Appwrite: account storage, hosted in the Frankfurt (EU) region.
Your rights (GDPR)
Because account data is hosted in the EU, we operate with GDPR expectations regardless of where you live. You can ask us to access, correct, export, or erase your personal data at any time. We don't use your data for automated decision-making or profiling.
Deleting your account & data
Email support@shopgrade.in from your account address and we'll delete your account data. Locally stored leads and audit history are removed when you uninstall the extension or clear its browser storage. Shared report links can be deleted from within the product.
Chrome Web Store disclosure
This policy is the one referenced in our Chrome Web Store listing, and it is written to match what the extension's code actually does. The extension requests only the permissions it needs to measure storefront performance and display your scores.
Changes to this policy
If we change what we collect or how we use it, we'll update this page and note the new date at the top. Material changes will be announced by email or in the product before they take effect.
Contact
Privacy questions or requests: support@shopgrade.in