TrustMyEcom LogoTrustMyEcom

TrustMyEcom

Transparency and trust for e-commerce businesses

© 2025 TrustMyEcom. All rights reserved.

Built by @nicolocardana

Privacy Policy

Last Updated: November 12, 2025

1. Introduction

TrustMyEcom ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify app and platform.

2. Information We Collect

2.1 Business Information

When you connect your Shopify store, we collect:

  • Shop name and domain
  • Business contact information
  • Business logo and branding assets
  • Website URL
  • Business category

2.2 Store Metrics (Aggregated Data Only)

We collect aggregated store-level metrics including:

  • Last 30 days revenue (USD)
  • Last 30 days order count
  • Last 30 days average order value (AOV)
  • Monthly revenue for the last 5 years (aggregated by month)
  • Last 365 days revenue (USD)
  • Store currency

Important: We do NOT collect or store individual customer data, order details, or personally identifiable information (PII) from your customers.

2.3 OAuth and Authentication Data

  • Shopify access tokens (encrypted using AES-256-GCM)
  • OAuth scopes granted (read_reports, read_orders)
  • Session data for app authentication

3. How We Use Your Information

We use the collected information to:

  • Display your business on the TrustMyEcom platform
  • Verify your business metrics for trust badges
  • Sync store metrics automatically (when connected)
  • Provide business analytics and insights
  • Maintain and improve our services
  • Communicate important updates about your account

4. Data Sharing and Disclosure

We do NOT sell, trade, or rent your business information to third parties.

We may share information only in these limited circumstances:

  • Public Display: Business name, logo, website, and verified metrics are displayed publicly on TrustMyEcom.com
  • Service Providers: We use trusted service providers (Supabase for database, Vercel for hosting) who are contractually bound to protect your data
  • Legal Requirements: When required by law, court order, or government regulation

5. Data Security

We implement industry-standard security measures:

  • AES-256-GCM encryption for Shopify access tokens
  • HTTPS/TLS encryption for all data transmission
  • Row-level security (RLS) policies in our database
  • HMAC verification for all webhook requests
  • Regular security audits and updates

6. Data Retention

  • Active Connections: We retain your data while your Shopify app is installed and active
  • After Uninstall: When you uninstall the app, your connection is marked as inactive but data is retained for potential reinstallation
  • Delisting: You can request to delist your business at any time through the app settings
  • Shop Deletion: If you delete your Shopify store entirely, all associated data is permanently deleted within 48 hours

7. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of your data we have stored
  • Rectification: Update or correct inaccurate business information
  • Erasure: Request deletion of your business data by delisting
  • Data Portability: Request your data in a machine-readable format
  • Withdraw Consent: Uninstall the app or delist your business at any time

8. Customer Data (GDPR Compliance)

Important Notice: TrustMyEcom does NOT store individual customer data from your Shopify store. We only access and store aggregated, shop-level metrics.

When you receive a GDPR data request or deletion request from your customers:

  • We will acknowledge the request through our webhook system (as required by Shopify)
  • No customer-specific data exists in our system to provide or delete, as we do not store it

9. Cookies and Tracking

We use essential cookies for:

  • Session management and authentication
  • CSRF protection during OAuth flow
  • Shopify App Bridge functionality

We do not use third-party advertising cookies or tracking pixels.

10. Third-Party Services

We use the following third-party services:

  • Shopify: E-commerce platform (OAuth authentication, metric APIs)
  • Supabase: Database and authentication provider
  • Vercel: Web hosting and deployment platform
  • PostHog: Product analytics used to understand feature usage and improve the app.

Each of these services has its own privacy policy and security practices.

11. Children's Privacy

TrustMyEcom is a business-to-business (B2B) service and is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Updating the "Last Updated" date at the top of this page
  • Sending an email notification to your registered email address (for material changes)
  • Displaying a notice in the Shopify app

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: support@trustmye.com
  • Support: trustmye.com/support

14. Shopify-Specific Information

As a Shopify app, we comply with Shopify's API Terms of Service and App Store requirements:

  • We implement all required GDPR webhooks (data request, customer redact, shop redact)
  • We implement the app/uninstalled webhook for clean uninstallation
  • We encrypt all Shopify access tokens using industry-standard encryption
  • We verify all webhook requests using HMAC signatures
  • We respect merchant data and privacy as outlined by Shopify policies

Note: This privacy policy is designed to comply with GDPR (EU), CCPA (California), and Shopify App Store requirements. If you have specific privacy concerns or need to exercise your data rights, please contact us at support@trustmye.com.