Privacy Policy

1. Introduction

CartRank ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and services.

2. Information We Collect

We collect and process the following types of data:

• Store Information: Store URL, domain, business name, and contact email
• Product Data: Product titles, descriptions, and categories for AI search optimization
• Tracking Data: AI search visibility metrics, competitor rankings, and query results
• User Data: Email address for reports and notifications, account preferences
• Authentication Data: OAuth tokens (encrypted), session data
• Billing Information: Subscription tier, payment status (processed by Shopify)

3. How We Use Your Information

We use your data to:

• Track your brand's visibility across AI search engines (ChatGPT, Perplexity, Gemini)
• Generate competitor analysis and benchmark reports
• Provide AI-powered growth recommendations and opportunities
• Send automated weekly email reports with visibility metrics
• Perform SEO audits and technical analysis of your website
• Maintain and improve our service quality
• Process billing and subscription management
• Provide customer support

4. Data Storage and Security

We take data security seriously:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Tokens: Shopify access tokens are encrypted before database storage
• Database: Secure Neon Postgres with connection pooling and access controls
• Hosting: Vercel's secure infrastructure with SOC 2 compliance
• Authentication: OAuth 2.0 for Shopify integration, NextAuth for web app

5. Data Sharing and Third Parties

We share data only with essential service providers:

• AI Providers: OpenAI, Perplexity, and Google Gemini for visibility tracking
• Payment Processing: Shopify handles all payment transactions
• Email Service: Gmail SMTP for sending reports and notifications
• Database Hosting: Neon for secure data storage
• App Hosting: Vercel for application infrastructure

We never sell your data to third parties.

6. GDPR Compliance

We comply with GDPR requirements for EU users:

• Right to Access: Request a copy of your data at any time
• Right to Deletion: Data deletion requests honored within 48 hours
• Right to Portability: Export your data in machine-readable format
• Right to Rectification: Correct inaccurate personal data
• Right to Object: Opt-out of data processing for specific purposes

We respond to all GDPR webhook requests from Shopify automatically:

• customers/redact - Customer data deletion
• shop/redact - Complete shop data deletion
• customers/data_request - Data export requests

7. Data Retention

We retain your data for as long as your account is active. Upon app uninstallation, your data is marked as "uninstalled" but retained for 48 hours to comply with Shopify's GDPR webhook timeline. After 48 hours, or upon receiving a shop/redact webhook, all data is permanently deleted.

8. Cookies and Tracking

We use minimal cookies for essential functionality:

• Authentication cookies: To maintain your login session
• Preference cookies: To remember your settings and choices
• Analytics (optional): Google Analytics for usage metrics (if enabled)

We do not use third-party tracking cookies or advertising pixels.

9. Children's Privacy

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the app. Continued use of CartRank after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, data requests, or concerns, please contact us: