1. Who we are
ProductSentinel ("ProductSentinel", "we", "us", or "our") is a Shopify embedded application that monitors product prices and inventory for Shopify merchants and alerts them — or automatically restores below-cost prices — when something changes. This policy applies to our app, our website at productsentinel.com, and the services we provide through them.
For the data we process on behalf of a merchant's store, the merchant is the data controller and ProductSentinel acts as a data processor. For our own website and newsletter, ProductSentinel is the data controller.
2. Information we collect
2.1 Store and account data (via Shopify)
When a merchant installs the app through Shopify OAuth, we receive and store:
- Store information — your .myshopify.com domain, store name, primary locale, and subscription/billing status.
- Authentication tokens — the OAuth access token Shopify issues so the app can read and update the data you authorize.
- Contact details — the email address you enter in the app's settings to receive alerts.
- App configuration — your low-stock thresholds, automation toggles, and notification preferences.
2.2 Product and inventory data
To do its job, the app reads and stores product-level data from your store, including:
- Products, variants, SKUs, and prices;
- Inventory quantities and locations;
- Cost-per-item values; and
- A log of the price and inventory changes we detect and the actions we take (our activity/alert history).
ProductSentinel is built to watch your own store's catalog and stock. It is not a buyer-facing tool and does not monitor competitors.
2.3 Customer personal data
ProductSentinel's core features operate on products, prices, and inventory — not on your shoppers' personal data. We do not request the read_customers scope and do not store customer names, addresses, or order contents. The only customer-related data we may process are the identifiers contained in Shopify's mandatory GDPR compliance webhooks (see Section 9), which we handle to honor data requests and erasure.
2.4 Website and newsletter data
- If you submit your email address through the form on our website, we store that address to send you product updates and protection tips. You can unsubscribe at any time.
- Like most websites, our hosting and CDN providers automatically process standard technical data (such as IP address, browser type, and request logs) to deliver and secure the site.
3. How we use information
We use the data above to:
- Monitor your prices and inventory in real time and detect below-cost prices or low stock;
- Send you alert emails and, where you have enabled it, automatically restore a price you previously set;
- Keep your cost data in sync with Shopify;
- Provide your dashboard, products view, and activity history;
- Operate billing and confirm your subscription status through Shopify;
- Provide support, fix bugs, and improve the app;
- Send newsletter messages you have opted into; and
- Comply with legal obligations and Shopify's platform requirements.
We do not sell your data, and we do not use it for advertising.
4. Legal bases (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to provide the app and its monitoring features to the merchant.
- Legitimate interests — to secure, maintain, and improve our service.
- Consent — for newsletter emails, which you can withdraw at any time.
- Legal obligation — to meet record-keeping and platform-compliance requirements.
5. How we share data & subprocessors
We do not sell your information. We share it only with the service providers ("subprocessors") we use to run ProductSentinel, each bound to protect it:
| Provider | Purpose | Data involved |
|---|---|---|
| Shopify | App platform, OAuth, billing, GDPR webhooks | Store, product, inventory, and subscription data |
| Google Cloud Platform | Application hosting & databases (Cloud Run, Datastore) | All app data described above |
| Mandrill (Mailchimp Transactional) | Sending alert & notification emails | Recipient email address and alert content |
| Cloudflare | DNS & website delivery/security | Technical request data |
We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of our users and our service. If ProductSentinel is involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction; we will notify affected users.
6. Data retention
We keep store and product data for as long as the app is installed and your account is active. When you uninstall the app, Shopify revokes our access and we delete or anonymize the associated store data within 30 days, except where we must retain limited records to meet legal obligations. We act on Shopify's shop/redact webhook (sent ~48 hours after uninstall) to erase shop data. Newsletter addresses are kept until you unsubscribe.
7. Data security
We protect your data with industry-standard measures: encryption in transit (HTTPS/TLS), access tokens stored server-side and never exposed to the browser, hosting on Google Cloud's secured infrastructure, scoped access (we request only the Shopify permissions the app needs), and signature verification (HMAC) on every Shopify webhook. No method of transmission or storage is 100% secure, but we work to safeguard your information and limit who can access it.
8. International data transfers
Our infrastructure and subprocessors may process data in the United States and other countries. Where data is transferred out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses provided by our subprocessors.
9. Your rights & Shopify GDPR webhooks
Depending on where you live (for example, under the GDPR or the California CCPA/CPRA), you may have the right to access, correct, export, restrict, or delete your personal data, to object to certain processing, and to withdraw consent. To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with your local data protection authority.
ProductSentinel implements Shopify's mandatory privacy webhooks so that requests routed through a store are honored automatically:
- customers/data_request — we compile any data we hold related to the request and provide it to the merchant.
- customers/redact — we delete any data associated with the identified customer.
- shop/redact — we delete the store's data after the app is uninstalled.
Because shoppers interact with the merchant's store rather than with us directly, individuals should usually direct privacy requests to the store they shopped with; the merchant can then route the request through Shopify to us.
10. Cookies
Our marketing website uses only the minimal cookies needed to load fonts and deliver the page; it does not run advertising or cross-site tracking cookies. Inside the embedded app, Shopify and our session layer use strictly necessary cookies to keep you authenticated and the app functioning.
11. Children's privacy
ProductSentinel is a business tool intended for merchants and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, take reasonable steps to notify you. Your continued use of ProductSentinel after an update means you accept the revised policy.
13. Contact us
Questions, requests, or concerns about this policy or your data? Reach us at [email protected]. We aim to respond within 30 days.