Privacy Policy

Last updated: February 15, 2026

1. Introduction

StoreStrat LLC ("StoreStrat," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our AI-powered revenue intelligence platform and website at storestrat.com.

2. Information We Collect

Account Information

When you sign up, we collect your name, email address, and profile photo via Google Sign-In or Microsoft authentication. We do not store passwords — authentication is handled by your identity provider.

Commerce Platform Data

When you connect your Shopify or Commerce7 store, we access and process: order history, customer records (name, email, purchase history), product catalog data, and analytics/metrics. This data is accessed via secure, authenticated API connections (OAuth or API keys) and is used solely to provide our revenue intelligence services.

Usage Data

We collect information about how you interact with StoreStrat, including pages viewed, features used, campaign performance, and session duration.

AI Configuration

If you provide your own AI API key (BYOK), the key is encrypted at rest using AES-256 encryption and is never logged, shared, or used for any purpose other than generating content on your behalf.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the StoreStrat platform
  • Analyze your store data and generate revenue optimization strategies
  • Send campaign emails on your behalf (with your approval)
  • Track and attribute recovered revenue
  • Send you account-related notifications
  • Respond to your requests and provide customer support
  • Improve our AI models and platform performance (using anonymized, aggregated data only)

4. Data Sharing

We do not sell your personal data or your customers' data. We may share data with:

  • AI Service Providers — We send anonymized prompts to LLM providers (e.g., OpenAI) to generate campaign content. No customer PII is included in prompts.
  • Email Service Providers — To deliver campaign emails on your behalf (e.g., SendGrid).
  • Infrastructure Providers — Hosting, database, and CDN services that process data on our behalf under strict data processing agreements.
  • Legal Requirements — If required by law, court order, or governmental regulation.

5. Data Security

We implement industry-standard security measures including: encryption of data in transit (TLS 1.3) and at rest (AES-256), secure OAuth authentication with commerce platforms, encrypted storage of API keys and platform credentials, regular security audits and vulnerability monitoring, and isolated multi-tenant data architecture ensuring no tenant can access another's data.

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove your data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained indefinitely for platform improvement purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us.

8. Cookies

The StoreStrat marketing website (storestrat.com) uses minimal, essential cookies for analytics purposes. The StoreStrat application (app.storestrat.com) uses session tokens stored in browser local storage for authentication. We do not use third-party advertising cookies.

9. Children's Privacy

StoreStrat is not intended for use by individuals under 18. We do not knowingly collect personal information from children.

10. International Data Transfers

Your data may be processed on servers located in the United States. By using StoreStrat, you consent to the transfer of your information to the United States, where data protection laws may differ from those in your country.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

For privacy-related questions or requests:
StoreStrat LLC
Contact Us
McKinney, Texas, United States

← Back to StoreStrat