Privacy Policy
Last updated: February 17, 2026
1. Introduction
StoreStrat.ai LLC ("StoreStrat.ai," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our AI-powered revenue intelligence platform at app.storestrat.com and our marketing website at storestrat.com.
2. Information We Collect
Account Information
When you sign up, we collect your name, email address, and profile photo via Google Sign-In or Microsoft authentication. We do not store passwords — authentication is handled entirely by your identity provider (Google or Microsoft).
Commerce Platform Data
When you connect your commerce platform, we access and process store data via secure, authenticated API connections. The data collected varies by platform:
- Shopify — Orders, customers, products, checkouts (including abandoned), and webhooks via Shop Domain and Access Token.
- Commerce7 — Orders, customers, products, club memberships, allocations, and tasting room data via App ID, App Secret, and Tenant Slug.
- WooCommerce — Orders, customers, products, and carts via Site URL, Consumer Key, and Consumer Secret (REST API).
- BigCommerce — Orders, customers, products, and abandoned carts via Store Hash and API Access Token.
This data is used solely to provide our revenue intelligence services, including customer scoring, campaign targeting, analytics, and revenue forecasting.
AI Provider Configuration (BYOK)
If you provide your own AI API key for use with supported providers (OpenAI, Anthropic Claude, Google Gemini, or xAI Grok), the key is encrypted at rest using AES-256. Your API key is never logged in plaintext, shared with third parties, or used for any purpose other than generating AI content on your behalf. We also store your selected AI provider, model, and monthly spend cap preferences.
Campaign and Email Data
We store data related to email campaigns sent on your behalf, including message logs (recipient, subject, send time, status), open and click tracking events, and revenue attribution records linking email engagement to completed orders.
Usage Data
We collect information about how you interact with StoreStrat.ai, including pages viewed, features used, AI token consumption, campaign performance metrics, and session duration.
3. How We Use Your Information
We use collected information to:
- Provide, maintain, and improve the StoreStrat.ai platform
- Analyze your store data and generate AI-powered customer scores (CLV, churn risk, engagement)
- Build and send automated email campaigns (abandoned cart, winback, reorder, upsell, browse abandonment, club retention)
- Generate revenue forecasts, discount optimization recommendations, and analytics insights
- Power the AI Campaign Builder to create custom campaigns from natural language descriptions
- Track and attribute recovered revenue across campaigns
- Enforce plan limits (customer count, email volume, AI credits)
- Send you account-related notifications
- Respond to your requests and provide customer support
- Improve our platform using anonymized, aggregated data only
4. Data Sharing
We do not sell your personal data or your customers' data. We may share data with:
- AI Service Providers — When generating campaign content or customer scores, we send prompts to your configured AI provider (OpenAI, Anthropic, Google, or xAI) using your API key. Prompts contain anonymized or minimal customer context needed for personalization. We do not send raw PII (e.g., full email addresses) in AI prompts.
- Email Service Providers — To deliver campaign emails on your behalf, we use SendGrid (or similar). Recipient email addresses and email content are shared with the delivery provider as necessary to send the emails.
- Commerce Platforms — We communicate with your connected platform (Shopify, Commerce7, WooCommerce, BigCommerce) via their APIs to sync data. Only your authenticated API credentials are used.
- Infrastructure Providers — Hosting (Hostinger VPS), database (PostgreSQL), caching (Redis), and CDN services process data on our behalf under strict data processing agreements.
- Legal Requirements — If required by law, court order, or governmental regulation.
5. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Encrypted storage of all platform credentials and AI API keys
- Secure Google and Microsoft OAuth authentication — no passwords stored
- Isolated multi-tenant data architecture — each tenant's data is logically separated and inaccessible to other tenants
- Automated database backups with 14-day retention
- Docker container isolation for all services
- Caddy reverse proxy with automatic HTTPS certificate management
6. Customer Data (Your Customers)
StoreStrat.ai processes data about your end customers (the people who buy from your store) as a data processor on your behalf. This data includes names, email addresses, order history, and behavioral data. You remain the data controller for your customer data. We process this data solely to provide our services to you and do not use it for our own marketing or share it with unrelated third parties.
Customer email addresses used in campaigns are stored encrypted. Customer scoring data (CLV tier, churn risk, engagement score, category affinities) is derived from order and behavioral data and stored alongside customer records.
7. Data Retention
We retain your data for as long as your account is active. Upon account deletion or subscription cancellation:
- Customer records, campaign history, AI score logs, and analytics data are deleted within 30 days
- Platform credentials and AI API keys are deleted immediately
- Account information (name, email) is retained for 90 days for dispute resolution, then deleted
- Anonymized, aggregated data may be retained indefinitely for platform improvement
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise these rights, contact us.
9. Cookies and Tracking
The StoreStrat.ai marketing website (storestrat.com) uses minimal, essential cookies for analytics purposes. The StoreStrat.ai application (app.storestrat.com) uses session tokens stored in browser local storage for authentication. Email campaigns may include open-tracking pixels and click-tracking links to measure campaign performance. We do not use third-party advertising cookies or retargeting pixels.
10. Children's Privacy
StoreStrat.ai is a business-to-business service not intended for use by individuals under 18. We do not knowingly collect personal information from children.
11. International Data Transfers
Your data is processed on servers located in the United States. By using StoreStrat.ai, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your country. If you are located in the European Economic Area (EEA), we rely on your consent and our legitimate interest in providing the Service as the legal basis for transfer.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.
13. Contact Us
For privacy-related questions or requests:
StoreStrat.ai LLC
Contact Us
McKinney, Texas, United States