Storemetry
← Storemetry

Privacy Policy

Last updated: July 2026

Introduction

This Privacy Policy explains how Storemetry (“we”, “us”) processes personal data when you use our website storemetry.com, the free store scan, or a paid ecommerce audit. We process data in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Data controller

The data controller is Storemetry. Contact: hello@storemetry.com Website: https://storemetry.com For privacy-related requests, please contact us at the email address above.

Data we collect

Free scan: • Store URL and domain of the analysed shop • Email address to deliver results • Scan results (scores, findings, technical metrics) • Request timestamp and language preference Paid audit: • Payment data (processed by Stripe; we do not store full card details) • Billing and delivery email • Full audit report (PDF) and dashboard access • Store URL, platform (Shopify/WooCommerce), and audit metadata Technical data: • IP address (hashed for consent records and security) • User agent (hashed) • Session tokens for the customer dashboard • Magic-link tokens for passwordless login • Cookie preferences (language, cookie consent)

How we use your data

We process your data to: • run the free scan and deliver results • create, deliver, and make paid audits available in the dashboard • process payments via Stripe • send you emails with results, reports, and login links • prevent abuse and maintain service security • comply with legal obligations (e.g. retention of billing records) • improve the service (aggregated, non-personal analytics only)

Legal basis (GDPR)

Art. 6(1)(a) GDPR — Consent: free scan (email + store URL), cookie consent, optional marketing communications. Art. 6(1)(b) GDPR — Contract: performance and delivery of paid audits, customer dashboard, support. Art. 6(1)(f) GDPR — Legitimate interest: security, fraud prevention, technical logs, proof of consent. Art. 6(1)(c) GDPR — Legal obligation: retention of accounting and billing data.

Sub-processors and third-party providers

We use the following service providers that may process personal data on our behalf: • Stripe — payment processing (US/EU, standard contractual clauses) • Resend — transactional emails • Anthropic — AI-assisted analysis of store data • Google PageSpeed Insights — performance measurements of public pages • Sentry — error monitoring (PII disabled by default) • Railway / Render — hosting and infrastructure We have data processing agreements (DPAs) in place with all sub-processors where required. You may request an up-to-date list at hello@storemetry.com.

International data transfers

Some of our providers are located outside the European Economic Area (EEA), particularly in the United States. Where this applies, we ensure an adequate level of protection, for example through EU Standard Contractual Clauses, adequacy decisions, or equivalent safeguards under Art. 46 GDPR.

Retention periods

Free scans: 90 days, then automatically deleted. Magic links: 7 days. Customer sessions: 30 days after expiry. Consent records: 3 years. Paid audit data: until erasure request or legal retention period (billing data may be kept longer). Server logs: up to 30 days, unless required for security incidents.

Your rights

You have the following rights: • Access (Art. 15 GDPR) • Rectification (Art. 16 GDPR) • Erasure / right to be forgotten (Art. 17 GDPR) • Restriction of processing (Art. 18 GDPR) • Data portability (Art. 20 GDPR) • Objection (Art. 21 GDPR) • Withdrawal of consent (Art. 7(3) GDPR) Erasure request: /en/privacy/erasure or email hello@storemetry.com. You also have the right to lodge a complaint with a supervisory authority.

Cookies and similar technologies

We use the following cookies: • NEXT_LOCALE — stores your language preference (essential, 1 year, SameSite=Lax) • storemetry_cookie_consent — stores your cookie choice (local browser storage) We do not use third-party tracking, advertising, or analytics cookies without your explicit consent. Further information is available in this policy and in the cookie notice on the website.

Data security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, hashing of sensitive metadata, and regular security reviews. No online service can guarantee absolute security; we continuously work to improve our safeguards.

Changes to this policy

We may update this Privacy Policy when our services or legal requirements change. The “Last updated” date at the top indicates the latest revision. Material changes will be highlighted on the website.