Privacy Policy

Last updated: July 3, 2026 · Questions: hello@foundrate.co

FoundRate ("FoundRate", "we", "us", or "our") operates a Shopify application that measures whether AI shopping assistants recommend a merchant's products and provides guidance to improve that visibility. This Privacy Policy explains what information we access, why we access it, how we use and protect it, and the choices you have. By installing or using FoundRate, you agree to this Policy.

1. Who this policy covers

This Policy applies to merchants who install the FoundRate app on their Shopify store and to visitors of our website. FoundRate is a business-to-business service; we do not knowingly collect information from consumers or from anyone under the age of 16.

2. Information we access

When you install FoundRate, you grant read-only access to your product catalog (the read_products scope) through the Shopify Admin API. Specifically, we access and store:

We request the minimum access required to operate the service.

3. Information we do NOT collect

4. How we use information

We rely on the following legal bases where applicable: performance of our contract with you, our legitimate interests in operating and improving the service, and your consent where required.

5. Service providers (sub-processors)

To deliver the service, product and store data described above may be shared with the following categories of providers, solely to perform services on our behalf and under confidentiality obligations:

Product descriptions are treated as untrusted input and are sanitized before being sent to AI providers. We do not permit our providers to use your data for their own purposes.

6. International data transfers

We and our service providers may process data in countries other than the one in which you are located, including the United States. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.

7. Data retention and deletion

8. Security

We take reasonable and appropriate measures to protect your information. Your Shopify access token is encrypted at rest using AES-256-GCM, secrets are stored in a secured secrets manager, access to production systems is restricted on a need-to-know basis, and we apply least-privilege principles throughout. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your rights

Depending on where you are located, you may have rights to access, correct, delete, or port the data we hold about your store, to object to or restrict certain processing, and to withdraw consent. Residents of the EEA/UK (under the GDPR/UK GDPR) and California (under the CCPA/CPRA) have these and additional rights, including the right not to be discriminated against for exercising them. We do not "sell" or "share" personal information as those terms are defined under California law. To exercise any right, email hello@foundrate.co; we will respond within the timeframe required by applicable law.

10. Cookies and analytics

Our website may use essential cookies and privacy-respecting analytics to understand traffic and improve the site. The embedded app itself does not use advertising cookies.

11. Changes to this policy

We may update this Policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated to you. Your continued use of the service after changes take effect constitutes acceptance.

12. Contact us

Questions or requests regarding this Policy or your data: hello@foundrate.co.