Privacy Policy
Last updated: July 3, 2026 · Questions: hello@foundrate.co
FoundRate ("FoundRate", "we", "us", or "our") operates a Shopify application that measures whether AI shopping assistants recommend a merchant's products and provides guidance to improve that visibility. This Privacy Policy explains what information we access, why we access it, how we use and protect it, and the choices you have. By installing or using FoundRate, you agree to this Policy.
1. Who this policy covers
This Policy applies to merchants who install the FoundRate app on their Shopify store and to visitors of our website. FoundRate is a business-to-business service; we do not knowingly collect information from consumers or from anyone under the age of 16.
2. Information we access
When you install FoundRate, you grant read-only access to your product catalog (the read_products scope) through the Shopify Admin API. Specifically, we access and store:
- Product information: titles, descriptions, product types, tags, vendors, prices, image counts, inventory levels, status, and public product page URLs;
- Basic store information: store name, currency, timezone, and the contact email associated with your Shopify store;
- Scan results we generate: the search queries we test, whether an AI surface recommended your store, competitor mentions returned by the AI, and excerpts of AI responses.
We request the minimum access required to operate the service.
3. Information we do NOT collect
- We do not access, store, or process your customers' personal data.
- We do not access orders, payments, checkout, or financial information.
- We do not have write access to, or modify, your products or storefront.
- We do not sell, rent, or trade any data.
4. How we use information
- To generate realistic buyer-intent search queries from your product data;
- To check whether AI shopping surfaces recommend your store and record the results;
- To calculate your Found Rate, Completeness Score, and personalized Fix Plan;
- To send you scan-result and monitoring emails on paid plans (you can disable these);
- To operate, secure, debug, and improve the service, and to provide customer support;
- To comply with legal obligations.
We rely on the following legal bases where applicable: performance of our contract with you, our legitimate interests in operating and improving the service, and your consent where required.
5. Service providers (sub-processors)
To deliver the service, product and store data described above may be shared with the following categories of providers, solely to perform services on our behalf and under confidentiality obligations:
- AI providers (for example, OpenAI) to generate queries, run visibility checks, and analyze AI responses;
- Cloud hosting and database to run the application and store your scan results;
- Email delivery to send monitoring alerts;
- Error and performance monitoring to detect and fix technical issues.
Product descriptions are treated as untrusted input and are sanitized before being sent to AI providers. We do not permit our providers to use your data for their own purposes.
6. International data transfers
We and our service providers may process data in countries other than the one in which you are located, including the United States. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.
7. Data retention and deletion
- Raw AI response excerpts are retained for up to 90 days.
- When you uninstall FoundRate, we stop all processing and permanently delete your store's data within 30 days.
- We honor Shopify's mandatory data webhooks: customers/data_request and customers/redact (we hold no customer data, so we log and acknowledge these), and shop/redact (we permanently delete all of your store's data).
- You may request deletion of your data at any time by emailing hello@foundrate.co.
8. Security
We take reasonable and appropriate measures to protect your information. Your Shopify access token is encrypted at rest using AES-256-GCM, secrets are stored in a secured secrets manager, access to production systems is restricted on a need-to-know basis, and we apply least-privilege principles throughout. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Your rights
Depending on where you are located, you may have rights to access, correct, delete, or port the data we hold about your store, to object to or restrict certain processing, and to withdraw consent. Residents of the EEA/UK (under the GDPR/UK GDPR) and California (under the CCPA/CPRA) have these and additional rights, including the right not to be discriminated against for exercising them. We do not "sell" or "share" personal information as those terms are defined under California law. To exercise any right, email hello@foundrate.co; we will respond within the timeframe required by applicable law.
10. Cookies and analytics
Our website may use essential cookies and privacy-respecting analytics to understand traffic and improve the site. The embedded app itself does not use advertising cookies.
11. Changes to this policy
We may update this Policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated to you. Your continued use of the service after changes take effect constitutes acceptance.
12. Contact us
Questions or requests regarding this Policy or your data: hello@foundrate.co.