Privacy Policy

Last updated: 2026-05-13

This Privacy Policy explains how GMC Guard ("we", "us", "our") collects, uses and protects information when you use gmcguard.ai and related services. GMC Guard is a tool that helps merchants audit their websites for Google Merchant Center misrepresentation risk. It is not an official Google product.

1. Information we collect

We collect the minimum information necessary to provide the service:

• Account details: your email address, password hash and plan type (Free or Pro).
• Audit inputs: store URLs, optional product feed files and configuration details you provide when running an audit.
• Audit outputs: generated reports, issues, screenshots and chat transcripts attached to a specific audit.
• Billing metadata (Pro): subscription status and payment provider customer IDs. We do not store full card numbers.
• Usage data: basic logs about sign‑ins, audit counts and error events to keep the service secure and reliable.

2. How we use information

We use your information to:

• Authenticate you and manage your account.
• Run audits on the URLs and feeds you provide.
• Show you previous audits, trust scores and chat history for your own reference.
• Operate billing and enforce Free vs Pro limits.
• Monitor abuse and keep the platform secure.

3. Google Merchant Center integration

GMC Guard offers an optional integration with Google Merchant Center via OAuth 2.0. If you choose to connect your Merchant Center account, the following applies:

• What we access: We request read access to your Merchant Center product listings, account status, item-level policy issues, and destination statuses via the Google Content API for Shopping scope (https://www.googleapis.com/auth/content).
• How we use it: Your Merchant Center data is used solely to generate audit reports that identify misrepresentation risks and policy issues in your account. We cross-reference your live product feed data with your website content to produce more accurate, evidence-backed audit results.
• What we do not do: We do not modify, delete, or insert products into your Merchant Center account. We do not sell, share, or use your Merchant Center data for advertising, training AI models, or any purpose other than generating your audit report.
• Token storage: OAuth access and refresh tokens are encrypted at rest using AES-256-GCM and stored securely in our database. Tokens are used only to fetch your product and account data on your behalf.
• Revoking access: You can disconnect your Merchant Center account at any time from your GMC Guard dashboard. You can also revoke access directly from your Google account at myaccount.google.com/permissions. Upon disconnection, stored tokens are deleted from our database.
• Data retention: Merchant Center snapshots (aggregated summaries of your feed data) are retained as part of your audit history. Raw product data is not stored beyond the snapshot summary. You can request deletion at any time by contacting us.

GMC Guard's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Shopify integration

GMC Guard offers an optional integration with Shopify via the Shopify OAuth API. You can connect your store either from your GMC Guard profile page or by installing the GMC Guard app directly from the Shopify App Store. By connecting your Shopify store, you authorise GMC Guard to access the following read-only data:

• Store identity: store name, owner name, contact email, phone number, registered address, country, currency, and Shopify plan type.
• Products and listings: product titles, descriptions, prices, variants, tags, vendor, and product type for up to 10 sample products. We use this to detect pricing claim mismatches and prohibited product categories.
• Legal policies: the text of your refund policy, shipping policy, privacy policy, and terms of service as configured in Shopify. We use this to verify policy completeness and quality against Google Merchant Center requirements.
• Shipping zones and rates: the shipping zones, destination countries, and rate names configured in your store. We use this to check whether shipping claims on your site match your actual configurations.
• Active promotions: price rule titles, discount types and values. We use this to flag potentially misleading urgency claims or promotions that may violate GMC policies.
• Navigation menus: the item labels of your store navigation menus. We use this to verify that required policy pages are reachable from your storefront.
• Markets and locations: the countries your store sells to and your fulfilment location addresses.
• Product count: the total number of products in your store catalogue.

How we use Shopify data: All data accessed from your Shopify store is used solely to generate GMC compliance audit reports. Shopify store data is provided as verified context to our AI audit engine so it can produce more accurate, evidence-backed results than a web crawl alone.

What we do not do: We never write to, modify, delete, or insert anything into your Shopify store. We do not sell, share, or use your Shopify data for advertising, analytics resale, AI model training, or any purpose unrelated to your audit reports.

Access token storage: Your Shopify OAuth access token is stored encrypted in our database and used only to fetch store data on your behalf at audit time and during the initial connection sync.

Revoking access: You can disconnect your Shopify store at any time from the Profile page. You can also revoke access from your Shopify admin under Settings → Apps and sales channels. Upon disconnection, your access token is deleted from our database. Audit reports that already used your Shopify data are not retroactively deleted but no further data is fetched.

GDPR / merchant data deletion: If you uninstall the GMC Guard app from Shopify, we process Shopify's mandatory GDPR webhooks and delete your Shopify connection data and any associated personal data within 30 days. To request immediate deletion, contact support@gmcguard.ai.

5. AI providers and data processing

GMC Guard uses third‑party AI providers (such as OpenAI) to analyse page content and generate audit reports. We send them only the text, structured snapshot data and screenshots required to perform the audit or answer your questions in the chat. These providers process your data on our behalf under their own terms and privacy policies.

6. Data retention and deletion

We keep your account and audit data so you can review previous reports and rerun audits over time. You can request deletion of specific audits or your entire account by contacting us at support@gmcguard.ai. We may keep limited records as required for legal, accounting or fraud‑prevention reasons.

7. Cookies and local storage

We use cookies or similar technologies to:

• Keep you signed in between visits.
• Remember basic preferences.
• Measure usage patterns and conversions.

We also use third‑party analytics and tracking tools (for example, Google Analytics/Google Ads and Hitsteps) to understand how the site is used, measure marketing performance, and improve GMC Guard. These tools may collect information such as pages visited, timestamps, referrer URLs, device/browser information, and IP address (or a truncated form of it), and may set cookies or use similar technologies.

You can manage cookies in your browser settings and you may be able to limit analytics by blocking third‑party scripts (for example via content blockers). For more detail, see our Cookies & Tracking page.

8. Sharing your data

We do not sell your data. We share it only with:

• Infrastructure and analytics providers (hosting, databases, logging, AI) that help us run the product.
• Payment processors (e.g. Lemon Squeezy, Shopify Payments) to handle subscriptions and invoices.
• Authorities or third parties when required by law or to respond to a valid legal request.

9. Data security

We take reasonable technical and organisational measures to protect your data, but no online service can be 100% secure. You are responsible for choosing a strong password and keeping your login credentials safe.

10. International transfers

Depending on where you are located and where our infrastructure and service providers are based, your information may be processed in other countries. We aim to work with reputable providers and, where applicable, rely on appropriate safeguards for cross‑border transfers.

11. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at support@gmcguard.ai.

This document is provided for informational purposes only and is not legal advice. For specific obligations (for example under GDPR or other local privacy laws), you should consult with a qualified lawyer.