New: Re-audit deltas + Image AVIF detection now live.
StoreBoost

Legal

Privacy Policy

Last updated: June 1, 2026

StoreBoost, Inc. ('StoreBoost', 'we', 'us', 'our') respects your privacy. This Privacy Policy explains what information we collect when you visit storeboostpro.com or use our services (the 'Service'), how we use it, who we share it with, and the rights you have under laws such as the GDPR, UK GDPR and the CCPA/CPRA.

1. Who we are and how to contact us

StoreBoost, Inc. is a Delaware corporation with its registered office at 1209 N Orange St, Wilmington, DE 19801, USA. For any privacy questions, requests or complaints, email privacy@storeboostpro.com.

For EU/UK data subjects, our EU representative can be contacted at the same address.

2. Information we collect

2.1 Information you provide

  • Account data: name, email, password hash, profile photo.
  • Billing data: billing address, VAT/tax ID, last 4 digits of payment instrument (full card data is handled by our PCI-DSS compliant payment processor).
  • Support data: messages and attachments you send to our team.

2.2 Information we collect automatically

  • Device & log data: IP address, browser, OS, referrer, timestamps.
  • Usage data: pages viewed, audits run, features used, error logs.
  • Cookies & similar tech: see our Cookie Policy.

2.3 Store data (Shopify)

When you connect a Shopify store we receive read-only data through the official Shopify API such as store name, theme metadata, product, collection and page URLs, image references, installed app list, and PageSpeed/Lighthouse signals. We do not request, store or process customer PII, order data or payment information from your Shopify store.

3. How we use information (legal bases)

PurposeLegal basis (GDPR)
Provide and operate the ServiceContract (Art. 6(1)(b))
Billing, fraud prevention, taxLegal obligation, legitimate interest
Security, abuse and incident responseLegitimate interest
Product analytics & improvementLegitimate interest
Marketing emails to customersLegitimate interest (opt-out anytime)
Marketing emails to prospectsConsent

4. Sharing and sub-processors

We never sell your personal data. We share data only with vetted sub-processors who are bound by written DPAs, strictly limited to the following categories:

  • Cloud hosting & CDN
  • Database, authentication & storage
  • Payment processing
  • Transactional email delivery
  • Privacy-friendly product analytics
  • Error monitoring & observability

A current list of sub-processors is available to enterprise customers on request at legal@storeboostpro.com.

5. International transfers

Where personal data is transferred outside the EEA, UK or Switzerland, we rely on the EU Standard Contractual Clauses (2021/914) and the UK IDTA, supplemented by technical and organisational measures (encryption in transit and at rest, access controls, audit logs).

6. Retention

Account data is retained for as long as your account is active and for up to 12 months after deletion to satisfy legal, accounting and security obligations. Audit data is retained for 24 months. Server logs are retained for 30 days.

7. Your rights

Subject to applicable law you have the right to:

  • Access, correct, delete or port your personal data;
  • Restrict or object to processing;
  • Withdraw consent at any time;
  • Lodge a complaint with your supervisory authority (e.g. your national DPA, ICO, CNIL);
  • For California residents: opt out of "sharing"/"selling" (we do neither), and request a notice of collection.

Exercise any right by emailing privacy@storeboostpro.com. We respond within 30 days.

8. Security

We use TLS 1.2+ for all transport, AES-256 at rest, principle-of-least-privilege access, SSO + MFA for staff, quarterly access reviews, annual penetration tests and a 24/7 on-call rotation. See our Security page.

9. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

10. Changes to this policy

We will notify you by email and in-product banner at least 14 days before any material change takes effect.