ShopLint Privacy Policy

Last updated: April 13, 2026

ShopLint ("we", "the app") is a Shopify app that audits a merchant's storefront for silent errors (missing alt text, inverted compare-at prices, unpublished products, broken SEO, and similar issues). This policy describes what data we access, how we use it, and how long we keep it.

Information collected through Shopify's APIs

When a merchant installs ShopLint, we use the Shopify Admin API to read storefront configuration needed to run checks: products, variants, metafields, collections, navigation, publications, locales, markets, shipping zones, policies, translations, and online store content.

We store the results of these checks (per-check pass/fail status, a list of affected resource IDs and handles, and debug logs) against the installing shop's domain so merchants can view their run history.

We do not collect, store, or process any personal information about merchants' customers. ShopLint does not read customer, order, or checkout data, and has no customer-facing component on the storefront — no cookies, no tracking scripts, no navigation logging on shopper devices.

Information collected directly from merchants

We store the Shopify-issued session credentials (shop domain, offline access token, and associated OAuth metadata) required to authenticate API calls on the merchant's behalf. If a merchant contacts us via email, we retain that correspondence for support purposes.

How we use this information

Data is used solely to operate the app: running audits, displaying results to the merchant, and responding to support requests. We do not sell, rent, or share merchant data with third parties. We do not use merchant data for advertising or analytics beyond what is necessary to operate the service.

Data retention

Data is retained while the app is installed. When a merchant uninstalls ShopLint, the app/uninstalled webhook purges all data associated with that shop — sessions, runs, findings, and settings — from our database.

Location and data transfers

ShopLint is operated from Canada. Application servers and the PostgreSQL database are hosted on infrastructure located in North America. Merchants in the EEA, UK, or other regions should be aware that data processed by ShopLint is transferred to and stored in Canada, which the European Commission has recognized as providing an adequate level of data protection.

GDPR compliance webhooks

ShopLint implements Shopify's mandatory GDPR webhooks (customers/data_request, customers/redact,shop/redact). Because ShopLint stores no customer PII, customer data requests and redactions have no data to act on; shop redactions purge all shop-scoped records.

Security

Access tokens are stored encrypted at rest in our database. All traffic between Shopify, the merchant's browser, and ShopLint is served over HTTPS.

Contact

Questions about this policy or a merchant's data can be directed to support@shoplint.run.