Privacy Policy
GMC Auditor ("the App") is operated by Voidworks ("we", "us"). The App is a diagnostic tool for Shopify merchants: it compares the products in your Shopify store with the products in your Google Merchant Center account and explains discrepancies. This policy describes what data we access, how we use it, and the choices you have.
1. Information we collect
From your Shopify store
- Product catalog data: products, variants, titles, SKUs, barcodes (GTINs), prices, inventory quantities, product status, and sales-channel publication status.
- Store metadata: store name, store domain, and the email address associated with the store owner or the staff member who installs the App (used for account and alert communication).
- We do not request or read orders, customers, checkout, or payment data.
From Google (Merchant Center)
- Processed product data and statuses from your Merchant Center account via the Google Merchant API: product attributes as processed by Google (titles, prices, availability, identifiers), destination statuses, item-level issues, account-level issues, and the list of data sources feeding your account.
- Your Google OAuth tokens, which we store encrypted, so the App can refresh your audit on a schedule you control.
From this website
- If you email us for early access, we receive your email address and anything you include in the message.
- This website itself sets no tracking cookies. The App uses only the session cookies required for it to function inside the Shopify admin.
2. How we use information
- To generate your audit reports: diffing your Shopify catalog against your Merchant Center state and rendering diagnostics and fix guidance.
- To run scheduled scans and send you alert emails you have enabled (for example, when products are disapproved or drop out of Merchant Center).
- To provide support when you contact us, and to operate, secure, and improve the App.
- We do not use your data for advertising, we do not sell or rent it, and we do not use it to train machine-learning models.
3. Google API Services — Limited Use disclosure
GMC Auditor's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data to provide and improve the App's user-facing sync-audit features.
- We do not transfer Google user data to third parties except as necessary to provide the App (see "Service providers" below), to comply with law, or as part of a merger/acquisition with prior notice to you.
- We do not use Google user data for advertising.
- Humans do not read this data except with your explicit permission (e.g., a support request), for security purposes, to comply with law, or when aggregated and anonymized for internal operations.
Note: Google's Merchant API does not offer a read-only permission scope. Although the consent screen therefore mentions management access, the App is read-only by design and does not modify your Merchant Center products, feeds, or settings.
4. Storage, security, and retention
- Data is stored on infrastructure provided by DigitalOcean. OAuth tokens are encrypted at rest; all data is transferred over TLS.
- Audit results and snapshots are retained while your account is active so you can compare scans over time.
- If you disconnect your Google account, we delete your Google tokens and stop all Google data access. If you uninstall the App, we delete your store's data, including stored audit results and snapshots, within 30 days (and sooner on request). We honor Shopify's data-deletion webhooks.
5. Service providers
We share data only with the processors required to run the App: DigitalOcean (hosting and storage) and our transactional email provider (alert and account emails). Each processes data on our instructions. We do not share your data with advertisers, data brokers, or other merchants.
6. Your rights
Depending on your location (including under GDPR and CCPA), you may have rights to access, correct, export, or delete your data, and to object to or restrict certain processing. Email [email protected] and we will respond within 30 days. You can also revoke the App's Google access at any time at myaccount.google.com/permissions, and remove the App from your store via the Shopify admin.
7. Children
The App and this website are business tools intended for merchants and are not directed at children under 16. We do not knowingly collect data from children.
8. Changes to this policy
If we make material changes, we will update the effective date above and notify active users by email or in-app notice before the changes take effect.
9. Contact
Voidworks · [email protected]