Privacy Policy — StoreMD
Last updated: April 13, 2026
What we access
StoreMD reads your store data — products, themes, apps, and script tags — to calculate your store health score and generate actionable recommendations. We only request the minimum Shopify scopes required for our diagnostic features.
Customer personal data
We do not collect or store customer personal data. StoreMD is a merchant-facing diagnostic tool and has no need for end-customer PII (names, emails, addresses, payment info).
Security & encryption
All store data is encrypted in transit (TLS 1.2+) and at rest. Shopify access tokens are encrypted with Fernet (AES-128) in our database. Our infrastructure runs on Railway and Supabase with SOC 2 compliant hosting.
Data retention & deletion
When you uninstall StoreMD from your Shopify admin, we automatically purge all data associated with your store via the GDPR shop/redact webhook (fired by Shopify 48 hours after uninstall). You may also request immediate deletion by contacting us.
Third parties
We do not sell or share your data with third parties. We use operational sub-processors (Supabase for database, Railway for hosting, Stripe for billing, Anthropic for AI analysis, Sentry for error monitoring) strictly to run the service.
Your rights
You can request access, correction, or deletion of your data at any time. Shopify-initiated GDPR webhooks (customers/data_request, customers/redact, shop/redact) are honored within the timelines required by Shopify.
Contact
Questions, requests, or concerns? Email us at altidigitech@gmail.com.