Privacy Policy

Effective date: June 9, 2026 · Last updated: June 9, 2026

SiteRemora (“SiteRemora,” “we,” “our,” “us”) provides an accessibility-audit and fix-recommendation service for Shopify stores. This policy explains what we collect, how we use it, and the rights you have over it.

1. Who This Applies To

This policy applies to merchants who install the SiteRemora app on a Shopify store. It does not apply to the shoppers visiting your storefront — SiteRemora does not place tracking code on your storefront and does not collect data about your shoppers.

2. What We Collect

We collect only what we need to provide and improve the service.

From Shopify, when you install the app

  • Your shop domain (e.g. your-store.myshopify.com) and store display name
  • An OAuth access token scoped to the permissions you grant at install (currently: read_themes, write_themes, read_products, write_products, read_content)
  • Your store's published and draft theme files, accessed only when you run a scan or apply a fix

Automatically, during normal operation

  • Public HTML of each storefront page we audit at your request
  • The findings produced by our accessibility checks (rules triggered, severity, sample HTML)
  • The theme files we patch when you click “Apply fix”
  • Backend logs (request timestamps, scan IDs, error stacks) for debugging and abuse prevention
  • The plan you are subscribed to

What you do not give us

  • Payment information — Shopify handles billing through their Billing API; we never see card numbers
  • Customer or order data — we do not request read_customers or read_orders scopes
  • Personal data about shoppers

Sign-up information

If you sign up for early access through our website, we collect your email address to contact you about availability.

3. How We Use It

  • To run the service. Scan, classify, and route accessibility findings; apply fixes when you click Apply.
  • To improve the service. Aggregate, anonymized counts of common rule failures help us tune our scanner and prioritize feature work.
  • To support you. Diagnose issues you report and respond to your messages.
  • To comply with law. Respond to lawful requests and enforce our terms.

We do not sell your data. We do not use it for advertising. We do not share it with third parties for their own purposes.

4. AI-Assisted Features

When AI-assisted features are enabled, we send the minimum content required to generate a suggestion — for example, an excerpt of the theme file containing the issue, or the public URL of an image needing alt text. Suggestions are returned to your dashboard for your review, and no change is applied to your store until you click Apply. We do not authorize our AI infrastructure to train models on your data.

5. Service Providers

We engage trusted third-party service providers to help us run SiteRemora — for example, to host our infrastructure, store data, and (when AI-assisted features are enabled) process accessibility-fix suggestions. Each provider is bound by a written data processing agreement and is only permitted to process data on our instructions.

Our application data is stored in the United States. Public storefront HTML is fetched in real time during a scan from your storefront and processed in memory before results are written to our database. We do not transfer your data to providers outside the chain described in this policy.

A current list of the specific service providers we use, along with the data they process, is available on request — email us at the address in Section 11.

6. How Long We Keep It

  • Scan results, fixes, and account settings: retained while your store has SiteRemora installed, plus 30 days after uninstall.
  • OAuth tokens: revoked immediately on uninstall.
  • Backend logs: retained for up to 30 days, then deleted.
  • Aggregated anonymous analytics: retained indefinitely (cannot be tied back to a specific store).

Shopify's GDPR webhooks (customers/data_request, customers/redact, shop/redact) are wired into SiteRemora. On a shop/redact event we permanently delete all data associated with your store within 30 days of receiving the webhook.

7. Your Rights

If your store is in the European Economic Area, the United Kingdom, California, or any other jurisdiction with comparable privacy laws, you have the right to:

  • Access the data we hold about your store
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Withdraw consent (where processing is based on consent)

To exercise any of these rights, email us at the address below. We will respond within 30 days.

8. Security

We use industry-standard safeguards: TLS for data in transit, encrypted-at-rest databases, OAuth-scoped tokens (we never see your Shopify password), and least-privilege access controls on our infrastructure. No system is perfect; if a breach occurs that affects your data, we will notify you and the relevant authorities as required by law.

9. Children's Data

SiteRemora is a business-to-business tool and is not directed at people under 16. We do not knowingly collect data about minors.

10. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. We will notify merchants of any material change via email or an in-app notice at least 30 days before it takes effect.

11. Contact Us

SiteRemora
Email: hello@siteremora.com

For data-protection inquiries you can also reach us at the same email — mark the subject line DPO request.