Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

Introduction

SecurEcommerce ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you use our Shopify app ("App").

Information We Collect

1. Shopify Store Information

  • Store name and domain (e.g., yourstore.myshopify.com)
  • Store owner information (name, email address)
  • Shopify plan type and subscription details
  • Store access permissions as authorized by you

2. Email and Domain Security Data

  • Email domains associated with your store
  • DNS records (DMARC, SPF, A records) for security analysis
  • SSL certificate information and expiry dates
  • Domain registration information for typosquatting detection

3. Security Monitoring Data

  • Data breach information from a third-party API
  • Suspicious website and domain variations
  • Canary token alerts and fingerprinting data
  • App security assessments for installed Shopify apps
  • Certificate transparency logs and SSL monitoring data

4. Technical Information

  • API access tokens (encrypted and securely stored)
  • Session data required for app functionality
  • Queue and scheduling data for automated security checks

How We Use Your Information

Security Monitoring Services

  • Monitor your email domains for security vulnerabilities (DMARC, SPF compliance)
  • Check for data breaches involving your email addresses
  • Detect typosquatting and clone websites targeting your brand
  • Monitor SSL certificate health and expiry
  • Assess security risks of installed Shopify apps
  • Generate security reports and alerts

App Functionality

  • Authenticate and maintain your app session
  • Schedule automated security scans
  • Send security notifications and alerts
  • Provide dashboard analytics and insights

Service Improvement

  • Analyze aggregated, anonymized data to improve our security detection algorithms
  • Enhance app performance and reliability

Data Sharing and Third Parties

Third-Party Services We Use:

  • Breach detection services: For monitoring data breaches
  • DNS analysis services: For DNS record validation and security checks
  • Domain threat assessment services: For evaluating website safety
  • Typosquatting detection services: For identifying malicious domain variations
  • Job scheduling services: For reliable automated monitoring
  • Queue management services: For processing security checks
  • Database services: For secure data storage

Data Sharing Policy:

  • We do NOT sell, rent, or trade your personal information
  • We do NOT share your data with third parties except as described in this policy
  • Third-party APIs only receive the minimum data necessary for their specific function
  • All third-party integrations are secured and comply with their respective privacy policies

Data Storage and Security

Security Measures:

  • All data is encrypted in transit using HTTPS/TLS
  • Database access is restricted and encrypted
  • API tokens are securely encrypted and stored
  • Regular security audits and monitoring
  • Access controls and authentication for all system components

Data Retention:

  • Active monitoring data is retained while your app is installed
  • Session data is automatically purged upon expiration
  • Historical security data may be retained for up to 2 years for trend analysis
  • All data is permanently deleted when you uninstall the app

Data Location:

  • Primary data storage in secure cloud infrastructure
  • Data processing occurs in compliance with applicable data protection laws

Your Rights and Controls

Access and Control:

  • View all collected data through the app dashboard
  • Manually add or remove email addresses from monitoring
  • Configure monitoring frequency and preferences
  • Request data export or deletion at any time

Data Portability:

  • Export your security monitoring data at any time
  • Receive data in machine-readable formats upon request

Account Deletion:

  • Uninstalling the app automatically triggers complete data deletion
  • All associated data is permanently removed within 30 days of uninstallation

Compliance and Legal Basis

GDPR Compliance (EU Users):

  • Legitimate Interest: Security monitoring for fraud prevention and cybersecurity
  • Consent: Where required, explicit consent is obtained for data processing
  • Data Subject Rights: Full compliance with access, rectification, erasure, and portability rights

CCPA Compliance (California Users):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of sale (we do not sell personal information)
  • Right to non-discrimination

Cookies and Tracking

Our app uses minimal cookies and session storage required for user authentication, session management, and app functionality. No tracking cookies or analytics cookies are used.

Children's Privacy

Our app is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make changes:

  • We will update the "Last Updated" date
  • Significant changes will be communicated via email or app notification
  • Continued use of the app after changes constitutes acceptance

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your data:

Shopify App Store Compliance

This app complies with:

  • Shopify Partner Program Agreement
  • Shopify App Store Review Guidelines
  • Shopify API Terms of Service
  • Applicable data protection and privacy laws

Note: This privacy policy covers all data collection, processing, and sharing activities performed by SecurEcommerce. We are committed to transparency and user privacy in all our security monitoring services.