storecueGet notified

StoreCue legal

Privacy Policy

Effective: May 7, 2026·Last updated: May 7, 2026

This Privacy Policy explains how StoreCue (“we,” “our,” “the App”) collects, uses, and protects information when you install and use our Shopify application. It is written for plain-English readability and is intended to comply with the GDPR, CCPA, and Shopify’s app data privacy framework.

If you have any questions about this policy, contact us at support@tradehawkhq.com.

1. Who we are

StoreCue is a Shopify-embedded application that helps merchants generate brand-safe product FAQs from their existing product information, then publish those FAQs in formats readable by search engines and AI tools. The data controller is StoreCue, operated by the StoreCue founder.

For the purposes of GDPR and similar regulations, StoreCue is a data processor acting on behalf of the merchant (the data controller) for any merchant data we process.

2. Information we collect

We collect the minimum data needed to provide the App’s functionality.

2.1 From the merchant (you)

When you install StoreCue, we collect:

  • Shop identification data: your myshopify.com domain, your Shopify shop ID, and authentication tokens issued by Shopify so we can call the Shopify Admin API on your behalf.
  • Account contact: email address and basic profile information you authorize Shopify to share when you install the App.
  • Brand context: information you voluntarily enter into the StoreCue Brand Context settings — brand name, voice notes, use cases, restricted phrases, approved framings, return policy, warranty terms, shipping policy, support info, brand story, technology claims, and awards / press / certifications.
  • Custom questions: any product Q&A you author manually inside the App.

2.2 From the Shopify Admin API (on your behalf)

When you click “Sync products” or “Re-scan,” we read from your store via the Shopify Admin API:

  • Product data: titles, descriptions (HTML), product types, vendors, tags, status, featured images, and Shopify product IDs.
  • We do not read customer information, order data, payment data, or any other data unrelated to your product catalog.

2.3 From shoppers (your customers)

StoreCue does not collect, store, or process individual shopper / customer personal data. The App does not place tracking cookies, does not run client-side analytics on your storefront, and does not record visitor sessions.

The only surface where customer-attributable text could exist is the optional Customer Question Import feature, in which you (the merchant) may paste anonymized review or support-ticket text. That text is treated as merchant-controlled content. We do not associate it with any shopper’s Shopify customer ID.

2.4 From third-party services

When the App processes a product, we send relevant product data to:

  • Anthropic (Claude API) — to generate FAQs in your brand voice and identify search demand themes. We send: product title, description, product type, tags, your saved Brand Context, and search vocabulary observed for that product. We do not send your shop name, customer data, order data, or payment data.
  • Google Search Suggest API — to discover what shoppers search for in your product category. Queries sent are short generic phrases generated from your product type. No merchant or shopper PII is sent.

3. How we use information

  • Provide the App’s core functionality: sync products, run scans, generate FAQs, publish to Shopify metafields.
  • Authenticate your access by validating your Shopify session and authorizing API calls.
  • Improve the App by analyzing usage patterns in aggregate to debug issues and prioritize features.
  • Provide support via responses to support@tradehawkhq.com.
  • Comply with legal obligations and prevent abuse.

We do not sell your data, share it with advertisers, or use it for marketing purposes outside of StoreCue communications you have opted into.

4. Legal basis for processing (GDPR)

For users in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing are: contract performance (Article 6(1)(b)) to provide the App under our Terms; legitimate interests (Article 6(1)(f)) for security, improvement, and support; and consent (Article 6(1)(a)) where required.

5. Data sharing and processors

We share data only with the service providers we need to operate the App. Each provider is contractually required to protect your data and use it only for the agreed purpose.

  • Shopify Inc. — app hosting platform and authentication (shop domain, session tokens).
  • Anthropic — AI inference for generating FAQs (product titles, descriptions, brand context, search vocabulary).
  • Google (Search Suggest) — search demand insights (generic category seed queries).
  • Cloud hosting provider — hosting StoreCue’s application infrastructure.

We do not sell or rent your data to third parties.

6. International data transfers

StoreCue is operated from the United States. Some of our service providers also process data in the United States or other jurisdictions. When we transfer personal data outside the EEA / UK / Switzerland, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.

7. Data retention

  • Active merchants: we retain your data for as long as the App is installed.
  • Uninstall: when you uninstall, we immediately revoke our access tokens and retain your data for 48 hours in case you reinstall.
  • Full deletion: 48 hours after uninstall, Shopify sends us a shop/redact webhook. Within 30 days, we permanently delete all data associated with your shop.
  • Shopper redaction: if Shopify forwards a customers/redact request, we honor it within 30 days. As StoreCue does not store individual customer PII, we make a best-effort scrub of any merchant-pasted content that contains the customer’s identifiers.

8. Your rights

Depending on your jurisdiction, you may have rights to access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and to complain to a data protection authority. Email support@tradehawkhq.com — we respond within 30 days. Shoppers of StoreCue-using merchants should contact the merchant directly.

9. Security

  • Encryption in transit (HTTPS/TLS) for all API calls.
  • Encryption at rest for production databases.
  • Restricted, logged access to production data.
  • HMAC signature verification on every Shopify webhook.
  • No raw secrets in code — credentials live in encrypted env storage.
  • Regular dependency updates to address known vulnerabilities.

10. Cookies and tracking

The StoreCue embedded admin app does not set first-party cookies on your storefront, does not run analytics or pixels on your storefront, and does not track shoppers. The Shopify Admin uses its own cookies under Shopify’s privacy framework — we do not access or augment them.

11. Children’s privacy

StoreCue is a B2B tool for Shopify merchants. It is not directed at, marketed to, or intended for use by children under 16. We do not knowingly collect data from children.

12. AI-generated content notice

StoreCue uses large language models (Claude by Anthropic) to suggest FAQ questions and draft answers. Every AI-generated suggestion is shown to you for review before publication. No content is published to your storefront without your explicit approval. We do not train or fine-tune AI models on your shop’s data.

13. Changes to this Privacy Policy

We may update this policy from time to time. We will update the “Last updated” date and notify you in the App or by email if changes are material.

14. Contact

StoreCue
Email: support@tradehawkhq.com
Web: storecue.com