Privacy Policy

Last updated: April 8, 2026

1. Introduction

RunMyStore AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and your rights regarding your information when you use our service.

2. What We Store

We store the minimum data necessary to operate the service:

  • License key — to validate your subscription
  • Shopify OAuth access token — to connect Claude to your store on your behalf
  • Store domain (e.g., your-store.myshopify.com) — to route API requests
  • Email address — provided during purchase for license delivery

Bearer tokens are stored as SHA-256 hashes, never in plaintext.

3. What We Do NOT Store

We do not see, store, log, or retain:

  • Your products, orders, customers, or inventory data
  • Your conversations with Claude
  • Payment card details (handled entirely by Stripe)
  • Personal information beyond your email address

Store data flows directly between Shopify and Claude via our server as a pass-through. We do not cache, index, or analyze it.

4. How Data Flows

When you use RunMyStore AI, the data flow is:

  1. You send a request to Claude (e.g., "show my recent orders")
  2. Claude calls our MCP server with your bearer token
  3. Our server verifies your token
  4. Our server fetches the data from Shopify using your OAuth token
  5. The data is returned directly to Claude and displayed to you — we never see it

At no point is your store data persisted on our servers.

5. Data Security

We implement the following security measures:

  • All traffic encrypted via TLS (HTTPS)
  • OAuth 2.1 with PKCE for authentication
  • Shopify OAuth tokens scoped to minimum required permissions
  • Tiered access levels — you choose View Only, Manage, or Full Access
  • Bearer tokens stored as SHA-256 hashes

6. Third-Party Services

Our service integrates with the following third-party services, each governed by its own privacy policy:

  • Shopify — your store platform (provides the data Claude accesses)
  • Anthropic / Claude — the AI assistant you interact with
  • Stripe — payment processing (we never see your card details)

Depending on your plan, you may optionally connect additional services using your own API keys (BYOK). These may include:

  • Canva — design asset creation
  • Postiz — social media scheduling
  • Meta / Facebook — ad performance tracking
  • Google Merchant Center — product feed management
  • Twilio — WhatsApp notifications and two-way messaging
  • AI image providers — product image and mockup generation

These integrations use your own API keys — we do not store or have access to your credentials for these services. Each service is governed by its own privacy policy.

7. Data Retention & Deletion

We retain your data only while your subscription is active. When you:

  • Uninstall the Shopify app — your OAuth token and connection data are deleted within 48 hours
  • Cancel your subscription — your license is revoked and access stops immediately
  • Request data deletion — we delete all your records upon request

8. Your Rights

You have the right to:

  • Know what data we store about you (we've listed it all in Section 2)
  • Request deletion of your data at any time
  • Revoke Shopify app access at any time from your Shopify admin
  • Change your access tier by reconnecting with different scope settings

For California residents (CCPA): You have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

For EU/UK residents (GDPR): We process data based on legitimate interest (providing the service you purchased) and your explicit consent (granting Shopify OAuth permissions). You may withdraw consent at any time.

9. Contact Us

If you have any questions about this Privacy Policy or want to exercise your data rights, contact us at: support@runmystoreai.com