Privacy Policy
Short version: Contradeck reads your Shopify store's published policies, shipping configuration, and product data to detect inconsistencies. We store only what is necessary to provide the service. We do not sell your data. We do not read customer PII, orders, or payment information.
1. Who we are
Contradeck ("Contradeck", "we", "us", "our") is a Shopify application that detects inconsistencies between a merchant's published policies and actual store configuration, with the goal of reducing chargeback exposure.
For privacy-related enquiries, contact us at: [email protected]
2. What data we collect and why
Contradeck collects the minimum data necessary to deliver its service. The table below describes each data type, its source, and why it is collected.
| Data type | Source | Purpose |
|---|---|---|
| Store domain | Shopify OAuth | Identify and associate your store with your Contradeck account |
| Access token | Shopify OAuth | Authenticate API requests to read your store data |
| Store email | Shopify API | Send scan alert emails (Pro plan) |
| Published policies | Shopify API | Analyse policy text for inconsistencies (refund, shipping, legal) |
| Shipping configuration | Shopify API | Compare shipping zones, rates, and free shipping thresholds against policy claims |
| Product inventory and pricing | Shopify API | Detect out-of-stock purchasable products and misleading discount tags |
| Klaviyo email templates | Klaviyo API | Detect return window mismatches between policy and transactional emails (Pro plan only) |
| Scan results | Generated by Contradeck | Display inconsistencies, risk score, and scan history in the app dashboard |
| Subscription status | Shopify Billing API | Determine which plan features are available to your store |
What we never read: Contradeck does not access order data, customer names or emails, payment information, financial records, metafields outside of the above scope, or any other data not listed in the table above.
3. Legal basis for processing (GDPR)
For merchants in the European Economic Area, our legal basis for processing your data is:
- Contract performance - processing necessary to deliver the Contradeck service you subscribed to
- Legitimate interests - maintaining service security, preventing abuse, and improving the product
- Legal obligation - where required by applicable law
4. How we store and protect your data
Your data is stored in a Supabase PostgreSQL database hosted in the European Union (Ireland, AWS eu-west-1). Access is restricted to authenticated service roles. All data is encrypted at rest and in transit (TLS 1.2+).
Access tokens are stored in encrypted form and are only used to make API calls on your behalf when you run a scan or when an automatic scan is triggered (Pro plan).
5. Data retention
- Active accounts - data is retained for the duration of your subscription
- Scan history - Starter plan retains the last 3 scans; Pro plan retains 90 days of history
- After uninstall - store data and scan results are deleted within 30 days of app uninstallation from Shopify
- Access tokens - invalidated and deleted immediately upon uninstallation
You can request earlier deletion by emailing [email protected].
6. Third-party sub-processors
We use the following third-party services to deliver Contradeck. Each is bound by appropriate data processing agreements.
| Sub-processor | Role | Location |
|---|---|---|
| Supabase | Database and storage | EU (Ireland) |
| Resend | Transactional email delivery (scan alerts) | United States |
| Shopify | Platform and billing | United States / Canada |
| Klaviyo | Email template analysis (Pro plan only, with merchant credentials) | United States |
| Vercel | Application hosting | United States / Global CDN |
We do not sell, rent, or share your data with any party not listed above.
7. Your rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access - request a copy of the data we hold about your store
- Rectification - request correction of inaccurate data
- Erasure - request deletion of your data ("right to be forgotten")
- Portability - request your data in a machine-readable format
- Restriction - request that we limit processing of your data
- Objection - object to processing based on legitimate interests
To exercise any of these rights, email [email protected]. We will respond within 30 days.
8. California residents (CCPA)
California residents have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. Contradeck does not sell personal information. To exercise your CCPA rights, contact [email protected].
9. Shopify App Store compliance
Contradeck requests only the following Shopify API scopes:
- read_legal_policies - to read your published refund, shipping, and legal policies
- read_shipping - to read your shipping zones, rates, and free shipping configuration
- read_products - to read product inventory levels and pricing
These are read-only scopes. Contradeck cannot modify any aspect of your store.
10. Cookies and tracking
The Contradeck app (embedded in Shopify Admin) does not use analytics cookies or third-party tracking scripts. The public website (contradeck.com) does not use third-party analytics or advertising trackers.
11. Children's privacy
Contradeck is a business-to-business service intended for Shopify merchants. We do not knowingly collect data from individuals under the age of 18.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to the store contact address on file or via a notice within the app. Continued use of Contradeck after changes are published constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions, data requests, or concerns:
- Email: [email protected]
- Website: contradeck.com