Privacy + Terms

Privacy Policy

What data we collect, where it comes from, what we do with it, and how to exercise your GDPR rights.

1. Who runs StoreRadar

StoreRadar is operated by ESGAdvisors Limited, a company registered in England & Wales ("we", "us", "StoreRadar"). For any privacy or data protection question, contact privacy@storeradar.co. We act as the data controller for customer account data and as a data controller (legitimate-interest basis) for publicly available merchant business contact data we aggregate. We have not appointed a Data Protection Officer because we are not required to under UK GDPR Article 37 — but you can reach us at the privacy address above for any data-protection matter.

2. What data we collect

From you (the customer):

• The email address you submit at Stripe Checkout.
• The contents of your filter form: vertical, price band, country, your offer description, and your ICP description.
• Stripe customer and payment metadata. Card data is handled by Stripe and never touches our servers. We store only your customer_id and subscription_id as references.

From public Shopify storefronts:

• Publicly published catalog data and store metadata: store name, currency, language, theme, installed apps detectable from public HTML, and catalog signals such as product count and average price.
• Business contact information published by the merchant on publicly accessible pages such as their contact, about, or policy pages.
• We do not access merchant admin areas, do not log into customer accounts, and do not scrape content behind authentication or paywalls.

What we do not collect: we do not use third-party advertising trackers, do not set marketing cookies, and do not run cross-site analytics. Aggregate server logs (IP, timestamp, request path) are kept for 30 days for security and debugging.

3. What data we ship to you

Each CSV row contains:

• Merchant domain and public store name.
• Shopify-native vertical classification.
• Catalog signals: product count, average price, currency.
• Technical stack fingerprint (detectable apps and theme).
• Language (ISO-639-1).
• Our internal SEO score.
• Contact email addresses extracted from publicly accessible store pages.

We do not ship personal or private data, do not sell personal browsing histories, and do not include individuals who are not publicly associated with the business.

4. Legal basis for processing (UK GDPR)

• Customer data (your account, billing, support correspondence): contractual necessity under UK GDPR Article 6(1)(b).
• Aggregated public merchant data: legitimate interests under UK GDPR Article 6(1)(f). Each business contact is sourced from publicly published storefront pages where the merchant has chosen to make that contact channel public. We have completed a Legitimate Interests Assessment balancing our processing against the rights and freedoms of data subjects; the outcome is documented and available on request to privacy@storeradar.co. Any outreach you send using StoreRadar must include an unsubscribe mechanism.
• EU customers: where you are located in the European Economic Area, processing is on the equivalent EU GDPR legal basis. ESGAdvisors Limited acts as data controller under both UK and EU GDPR for customer data.

5. Data retention

• Customer accounts: retained for the duration of your subscription plus 6 years to meet UK accounting and tax retention requirements (Companies Act 2006 and HMRC guidance). After that period, account data is deleted or anonymised.
• Merchant data in our database: re-indexed periodically. Removal requests for any indexed storefront are honoured within 30 days — email privacy@storeradar.co with the domain.
• Suppression list: contacts that have unsubscribed are stored on a suppression list and never re-included in any outbound shipped via StoreRadar.
• Server logs: 30 days.

6. Your rights (UK GDPR)

Under UK GDPR and the Data Protection Act 2018 you have the right to access, rectify, port, delete, restrict, and object to processing of your personal data, and to withdraw consent at any time where consent is the legal basis. You also have the right to object to processing carried out on a legitimate-interests basis.

To exercise any of these rights, email privacy@storeradar.co with the request. We respond within one month, as required by UK GDPR Article 12(3). You also have the right to lodge a complaint with the UK supervisory authority — the Information Commissioner's Office (ICO). EU residents may complain to their local supervisory authority.

7. Sub-processors

StoreRadar relies on the following sub-processors. All are GDPR-compliant and operate under data processing agreements with us:

• Stripe Payments Europe Ltd (Ireland) — payment processing. stripe.com/privacy
• Resend (USA) — transactional email delivery (your CSV download link, receipts, account notices).
• Google Gemini API (Ireland / USA) — drafting outreach email text. Your form input is sent as a prompt. Per Google's published policy for Gemini API, prompt content from paid API tier is not used to train Google's models.
• Render Services Inc. (USA) — application hosting.

We do not share customer data with any third party for marketing or advertising purposes.

8. International transfers

Some of our sub-processors are located in the United States or Ireland. Where personal data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as applicable, together with the providers' own adequate technical and organisational measures. For EU-residing customers, equivalent EU Standard Contractual Clauses apply. A copy of the relevant transfer mechanism for any specific sub-processor is available on request to privacy@storeradar.co.

9. Changes to this policy

We may update this policy as the product evolves. Material changes will be emailed to active subscribers at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the most recent revision.

Terms of Service

What you're buying, what we guarantee, what we don't, and the rules of acceptable use. By paying for a StoreRadar tier you agree to these terms.

1. What you're buying

• Sample (€49 one-time): a single CSV of 100 enriched Shopify merchant rows including agent-drafted first-touch outreach text, delivered via a signed download link sent to your Stripe Checkout email once the agent has finished generating the rows (typically within minutes of payment).
• Founding (€299 / month): unlimited CSV generations during your active subscription, on-demand indexing of any Shopify storefront you request, plus access to subsequent product features (including programmatic API and closed-loop agent functionality) at no additional charge while your subscription is active — at the rate you signed up at, locked for the duration of continuous subscription.
• Pro (€699 / month): everything in Founding, plus up to 5 team seats, priority indexing queue, and custom enrichment columns on request.

2. What we guarantee

• CSV delivery within a commercially reasonable time after payment confirmation (typically minutes). If generation fails for any reason on our side, we will either re-run the generation at no charge or refund the order in full at our discretion.
• Data accuracy on a best-effort basis. Rows are derived from publicly accessible storefront data which can change at any time without notice. Sparsely-populated rows are flagged in the CSV.
• Refund policy: for monthly subscriptions, cancel at any time — your next billing period is not charged. We do not pro-rate mid-period. For one-time Sample purchases, refund requests are reviewed on a case-by-case basis when the delivered CSV materially fails to match the filters you submitted — email legal@storeradar.co. Statutory rights under the UK Consumer Contracts Regulations 2013 and equivalent EU consumer protection law are not affected.

3. What we don't guarantee

• That outbound emails drafted by the agent will achieve any specific reply rate or conversion outcome. Drafts are starting points, not finished campaigns — you remain responsible for sending and complying with applicable outbound regulations (CAN-SPAM, GDPR, etc.).
• That every indexed storefront has every field populated. Sparsely populated rows (e.g., stores without public emails) are flagged in the CSV.
• 100% uptime or that the product will not change. Features are added over time. Prices on existing subscriptions stay locked. Features on future tiers may differ.

4. Acceptable use

You may use StoreRadar data and drafted emails for outbound to Shopify merchants in compliance with applicable law. You may not:

• Resell the raw dataset to third parties without a separate license. Email us for white-label or enterprise terms.
• Use the data to harass, dox, or target individuals.
• Send bulk outbound that violates CAN-SPAM (no unsubscribe), GDPR (no legitimate interest basis), or other applicable regulations.
• Reverse-engineer or attempt to bypass rate limits.

Violation of acceptable use is grounds for termination of your subscription without refund.

5. Intellectual property

• You own the outbound emails you send using drafts derived from our CSVs.
• We own the codebase, database structure, AI prompts, and aggregated dataset.
• Drafted email text is licensed to you for your own outbound use — you may edit, rewrite, send, or discard freely. The license is non-transferable except as part of normal outbound activity.

6. Liability

StoreRadar is a product of ESGAdvisors Limited, a company registered in England & Wales. To the maximum extent permitted by law, our total liability for any claim arising out of or in connection with these terms is limited to the amount you paid us in the 12 months preceding the event giving rise to the claim. We provide the service "as is" and disclaim all implied warranties of merchantability, fitness for a particular purpose, and non-infringement to the extent permitted by law. Nothing in these terms limits or excludes liability for (i) death or personal injury caused by negligence, (ii) fraud or fraudulent misrepresentation, or (iii) any liability which cannot be limited or excluded under UK or EU consumer protection law.

7. Governing law and disputes

These terms are governed by the laws of England and Wales. Subject to mandatory consumer protection rules in your country of residence, the courts of England and Wales have exclusive jurisdiction over any dispute arising out of or in connection with these terms. EU-resident consumers retain any non-waivable rights under their local law and may use the EU Online Dispute Resolution platform at ec.europa.eu/consumers/odr.

8. Contact

Privacy and data protection: privacy@storeradar.co. Legal, billing, and refund: legal@storeradar.co. Response within 5 business days; statutory response windows (e.g., one month for UK GDPR data subject requests under Article 12(3)) are honoured separately.