Privacy Policy

AppstorePulse Privacy Policy

AppstorePulse "the App" provides a Shopify App Store intelligence and listing audit platform "the Service" to Shopify app developers and merchants. This Privacy Policy describes how personal information is collected, used, and shared when you use the App.

Personal Information the App Collects

When you use the App, we may collect certain information including your email address (if you subscribe to notifications), the Shopify App Store URLs you submit for auditing, and basic usage data.

We collect information using the following technologies:

• Cookies: data files that are placed on your device or computer and often include an anonymous unique identifier.
• Log files: track actions on the Site, collecting IP address, browser type, Internet service provider, referring/exit pages, and timestamps.
• Web beacons, tags, and pixels: electronic files recording browsing information.

How Do We Use Your Personal Information?

We use the collected information to:

• Provide the Service and operate the App
• Communicate with users
• Optimize or improve the App
• Provide information about products or services

Sharing Your Personal Information

We may share personal information to comply with applicable laws, respond to subpoenas or lawful requests, or protect our rights.

Google User Data (Google Analytics integration)

If you choose to connect Google Analytics, AppstorePulse requests read-only access to your Google Analytics data using the analytics.readonlyscope. We access this data for the sole purpose of displaying analytics — such as visitors, traffic sources, and conversion metrics — inside your own AppstorePulse dashboard (the "Listing Analytics" feature).

What we store: a Google OAuth refresh token, your selected Google Analytics property ID, and analytics metrics derived from your account. This information is used only to provide the Listing Analytics feature to you.

How we share, transfer, or disclose Google user data:

• We do not sell, rent, or trade your Google user data, and we never use it for advertising or any purpose unrelated to the feature you requested.
• We share Google user data only with the infrastructure sub-processors strictly necessary to operate the Service — our cloud hosting provider (Vercel Inc.) and our database provider (Neon Inc.) — who process it on our behalf under their own security and confidentiality obligations.
• We display this data only to you and the members of your own workspace; we do not disclose it to any other third party.
• We may disclose information where required to comply with applicable laws or lawful requests, or to protect our rights.

You can disconnect Google Analytics at any time from your account settings, which revokes our access, and you may request deletion of the associated data at any time.

AppstorePulse's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Shopify Partner Data (Revenue & Churn integration)

If you choose to connect your Shopify Partner account, AppstorePulse uses your Organization ID and a Partner API access token that you provide, with read-only permissions, to read your own app's financial and event data from the Shopify Partner API. We access this data for the sole purpose of calculating and displaying revenue, MRR, churn, subscriber and refund metrics inside your own AppstorePulse dashboard (the "Revenue & Churn" feature).

We only read your data — we never take actions on your account. The Partner API permission Shopify requires to read financial data is broad, but our software deliberately issues read-only queries and blocks all write operations: we do not cancel subscriptions, issue credits or refunds, modify your apps, or change anything in your Partner organization or on any merchant's store.

We do not contact your users. We never email, message, or otherwise contact the merchants or customers who install your app — neither on your behalf nor our own. Your Partner data is used strictly for your own metrics tracking and is shown only to you.

What we store: your Organization ID, the app you select to track, and the revenue/churn metrics derived from your account. Your Partner API token is encrypted at rest (AES-256-GCM) and is never exposed to your browser or to any third party.

How we share or disclose this data:

• We do not sell, rent, trade, or use your Shopify Partner data for advertising or for any purpose unrelated to the Revenue & Churn feature you requested.
• We share it only with the infrastructure sub-processors strictly necessary to operate the Service — our cloud hosting provider (Vercel Inc.) and our database provider (Neon Inc.) — who process it on our behalf under their own security and confidentiality obligations.
• We display this data only to you and the members of your own workspace; we do not disclose it to any other third party.

You can disconnect your Shopify Partner account at any time from your account settings, which immediately stops all access, and you may request deletion of the associated token and metrics at any time.

Your Rights

European residents have the right to access, correct, update, or delete personal information held by us. Requests should be directed to the contact information provided below.

We process European resident information to fulfill contracts or pursue legitimate business interests. Information may be transferred outside Europe, including to Canada and the United States.

Data Retention

We retain your information for as long as necessary to provide the Service, unless you request deletion. When you disconnect Google Analytics or delete your account, the associated Google OAuth tokens and analytics data are removed.

Data Security

We protect your information — including any Google user data — using industry-standard safeguards:

• Encryption in transit: all data is transmitted over encrypted TLS/HTTPS connections.
• Encryption at rest: data, including stored OAuth credentials, is encrypted at rest in our database.
• Access controls: access is restricted to authorized personnel on a least-privilege basis.
• Revocation & deletion: you can disconnect Google Analytics at any time (which revokes our access) and request deletion of your data, after which stored Google data and tokens are removed.

Changes

We may update this privacy policy to reflect practice changes or operational, legal, or regulatory reasons.

Contact Us

For questions or complaints regarding privacy practices, contact us:

Email: contact@matdesousa.com

Mailing Address:
The Wide Company
2 village du beauregard, 95480
Pierrelaye, FRANCE