Privacy Policy

This policy explains what information StorefrontShield processes and why.

Effective June 23, 2026

Who we are

StorefrontShield is a service of RunMyCo Inc. You can contact us at [email protected].

Information we collect

• Scan request details: the storefront URL, email address, optional name, authorization confirmation, and request time.
• Scan evidence: public script URLs, hostnames, script fingerprints, classifications, timestamps, reports, and changes between scans.
• Abuse-prevention data: keyed cryptographic hashes derived from IP address, email address, and storefront domain. Our application does not store the raw values in its rate-limit database.
• Technical data: security, request, and operational logs processed by our infrastructure providers. Cloudflare Turnstile also processes technical signals to distinguish people from abusive automation.

How we use information

• To perform and deliver requested scans.
• To create script inventories, baselines, and change reports.
• To prevent abuse, enforce free-scan limits, and protect the service.
• To troubleshoot failures and improve classifications and reliability.
• To respond to support and business enquiries.

Service providers

We use Cloudflare for hosting, browser automation, queues, security controls, and storage; Resend to deliver transactional email; and, when enabled, Google Cloud Web Risk to check scanned public URLs for external reputation signals. These providers process information on our behalf under their own contractual and security terms.

Retention

Rate-limit records are designed to be deleted after approximately seven days. Scan evidence and baseline records may be retained while needed to deliver monitoring, compare future scans, maintain audit evidence, prevent duplicate work, or operate the service. Email delivery records may be retained by our email provider. You may ask us to delete scan and contact information associated with you.

Sharing and sale

We do not sell personal information. We disclose information only to service providers, when required by law, to protect rights and security, or as part of a corporate transaction.

Security

We use access controls, encrypted secrets, private storage, abuse controls, and limited data collection. No online service can guarantee absolute security.

Your choices

You may request access, correction, or deletion by emailing [email protected]. We may need to verify your identity or authority over the relevant storefront.

International processing

Our providers operate globally. Information may be processed outside your country, subject to applicable safeguards and provider terms.

Changes

We may update this policy as the service changes. The effective date above identifies the latest version.