nmuaInstall StockAlert →
※  StoreMD

privacy

Last updated · May 2026

1. Who this covers

This privacy policy covers StoreMD specifically - our Shopify app for scanning and scoring product-page health, identifying conversion issues, and generating AI-powered content improvements, published by Noomua. For questions about this policy, contact us at hello@noomua.com.

2. What StoreMD accesses and stores

What we read from and write to your store. StoreMD uses the following Shopify access scopes:

  • read_products, read_product_listings - product titles, descriptions, tags, variant data, image URLs, prices, and listing state used to score each page and identify issues.
  • write_products - used only when you explicitly approve a generated improvement and choose to apply it to your store. StoreMD never changes your store content without your explicit approval.

What we store. StoreMD caches a substantial snapshot of your product catalog data in order to provide scores, track improvement over time, and serve the app without re-fetching on every view. The data we persist:

  • Your shop domain and Shopify access token (token is invalidated and nulled on uninstall).
  • Your store name.
  • Onboarding configuration - brand voice settings and target audience you provide during setup. These inform how AI-generated copy is styled.
  • Product snapshots - titles, descriptions, tags, variant data (SKUs, prices, options), image URLs, and prices for each product in your catalog at the time of the last scan.
  • Per-page health scores and the specific issues identified for each product page.
  • AI prompt run logs - records of each scoring and generation request.
  • Generated content - the improved titles and descriptions StoreMD produces, retained so you can review them before deciding whether to apply them.
  • A history of improvements you have approved and applied to your store.
  • Score snapshots over time, used to surface improvement trends.

No store-customer PII. StoreMD does not use the orders or customers scopes and does not collect or store customer names, customer email addresses, phone numbers, billing addresses, shipping addresses, or any other personally identifiable information about your end shoppers.

3. How we use your data

  • AI page scoring. Product data - titles, descriptions, tags, variant data, and image URLs - is sent to the Anthropic Claude API to evaluate each page's copy quality, SEO, trust signals, and conversion potential, and to produce a per-page health score with identified issues. This data leaves StoreMD's systems and is processed by Anthropic. See sub-processors below.
  • AI content generation. When you request improved copy for a product page, the relevant product data and your brand-voice configuration are sent to the Anthropic Claude API to generate improved titles and descriptions. Again, this data is processed by Anthropic as described below.
  • Applying improvements. When you explicitly approve a generated improvement, we use the write_products scope to update that product in your Shopify store on your instruction. StoreMD does not silently edit your store.
  • Score history. Stored scores and snapshots are used to show you how your catalog health has changed over time.
  • App improvement. Aggregate usage patterns help us understand reliability and feature priorities.

Your data is not sold and is not used for advertising. We share it only with the sub-processors listed below, to the extent required to operate the app.

4. Sub-processors

  • Shopify - app installation, OAuth authentication, and billing.
  • Supabase - database storage for all app data, including product snapshots, health scores, generated content, and action history.
  • Anthropic - AI page scoring and content generation. Product data (titles, descriptions, tags, variant data, and image URLs) is transmitted to the Anthropic Claude API at scan and generation time. Anthropic processes this data under its own privacy policy.
  • Fly.io - hosting and infrastructure for the StoreMD backend.

5. Data retention and compliance

App data is retained for as long as StoreMD is active on your store.

On uninstall. When you uninstall StoreMD, your Shopify access token is immediately invalidated and nulled. Your remaining data - product snapshots, health scores, generated content, action history, score snapshots, brand-voice config, and prompt run logs - is soft-retained briefly to support a frictionless reinstall, then permanently and irreversibly erased when Shopify fires the shop/redact webhook (typically ~48 hours after uninstall). You can request immediate, permanent deletion at any time by emailing hello@noomua.com.

GDPR. StoreMD handles Shopify's mandatory GDPR webhooks: customers/data_request, customers/redact, and shop/redact. Because we do not store customer PII, customer-data requests are honoured as confirmed no-ops. The shop/redact webhook triggers permanent deletion of all store data.

Billing is handled entirely through Shopify. No payment data ever touches StoreMD's systems.

6. Your rights

Depending on your location, you may have the right to access, correct, or delete the data we hold about your store. To exercise any of these rights, email us at hello@noomua.com and we will respond within a reasonable timeframe.

7. Changes and contact

We may update this policy as the app or legal requirements change. Material changes will be noted with an updated date at the top of this page. Continued use of StoreMD after changes are posted constitutes acceptance of the updated policy.

For privacy questions or data requests, contact hello@noomua.com. Please include “StoreMD Privacy” in your subject line.

StoreMD Terms← Back to StoreMD