ThemeTrace Privacy Policy

Effective date: May 26, 2026

This policy explains how ThemeTrace collects, uses, stores, shares, and deletes data when a Shopify merchant installs or uses the app.

Questions, support requests, or privacy requests: Contact support

Data ThemeTrace accesses

  • Shop information needed to operate the app, such as shop domain, installation status, OAuth session records, and app configuration.
  • Theme data through Shopify Admin API `read_themes`, including theme names, file paths, file metadata, checksums, fingerprints, and limited code excerpts when needed to explain a possible finding.
  • Product data through `read_products` only to find an accessible product page for limited storefront runtime checks.
  • Storefront runtime evidence such as loaded script URLs, network signals, DOM selectors, and console errors collected during limited checks.
  • Support messages and operational logs when a merchant contacts ThemeTrace or when the app needs error diagnostics.

Data ThemeTrace does not request

  • ThemeTrace does not request `write_themes` and does not edit, delete, or publish theme code.
  • ThemeTrace does not request order, payment, checkout, or customer read scopes for the MVP.
  • Full theme source code is not sent to an AI model by default.

How data is used

  • ThemeTrace uses data to authenticate shops, run read-only theme scans, generate possible findings with evidence and confidence, create reports, operate support, and maintain security and compliance workflows.
  • AI model features may summarize scan evidence or limited excerpts to make reports easier to understand. Deterministic scan rules remain the source of truth.
  • ThemeTrace does not sell merchant data.

Processors and international processing

  • ThemeTrace may use hosting, database, email, logging, object storage, and AI model providers only as needed to operate the app.
  • Production infrastructure is planned for Alibaba Cloud Hong Kong, and service providers may process data in regions where they operate.
  • ThemeTrace uses least-privilege Shopify scopes, HTTPS, environment-managed secrets, and access-limited production systems.

Retention, deletion, and Shopify privacy webhooks

  • Monthly stores keep the latest 3 scan histories, annual stores keep the latest 10, and free stores keep only the current scan summary unless upgraded.
  • After uninstall or a verified deletion request, ThemeTrace deletes app data unless a limited record must be kept for security, abuse prevention, legal compliance, or billing/accounting.
  • The app is configured to receive Shopify customer data request, customer redact, and shop redact compliance webhooks.

Merchant choices

  • Merchants can request access, correction, export, or deletion of app data through the support email.
  • Merchants should review ThemeTrace reports as possible findings and should test any theme cleanup work on a duplicated theme with a qualified developer.