Copycat Alert Privacy Policy

Effective date: May 29, 2026

This policy explains how Copycat Alert collects, uses, stores, shares, and deletes information when a Shopify merchant installs or uses the app.

Questions, support requests, or privacy requests: Contact support

Data Copycat Alert accesses

Shop information needed to operate the app, such as shop domain, installation status, OAuth session records, subscription state, usage counters, and app configuration.
Product data through Shopify `read_products`, including product title, description, images or media references, vendor, product type, tags, handle, price, status, and product URL data.
Merchant-selected protected products and merchant-entered monitored domains.
Public candidate page metadata from monitored domains, such as URLs, page titles, product-like text, image URLs, prices when visible, public page status, and scan timestamps.
Screenshots and evidence reports for pages that appear relevant to a potential match.
Support messages, audit logs, scan logs, and operational logs needed for security, troubleshooting, compliance, and billing support.

Copycat Alert does not request Shopify order, customer, checkout, payment, fulfillment, theme, or file scopes.
Copycat Alert does not request `write_products`, `write_themes`, or destructive write permissions.
Copycat Alert does not automatically submit DMCA notices, takedown requests, legal notices, or platform reports.

Data is used to authenticate shops, import selected product information, manage watch domains, run bounded scans, detect potential image reuse, copied text, visually similar products, and cloned product pages, then organize findings for merchant review.
AI model features may process limited product and candidate-page evidence to help score visual similarity or summarize why a result may need review.
Copycat Alert uses findings as potential review signals only. The app does not provide legal advice and does not confirm infringement, counterfeiting, patent violation, or any violation of rights.
Copycat Alert does not sell merchant data.

Copycat Alert may use hosting, database, email, logging, object storage, queue, screenshot, and AI model providers only as needed to operate the app.
Production infrastructure is planned for Alibaba Cloud Hong Kong. Service providers may process data in regions where they operate.
The app uses HTTPS, least-privilege Shopify scopes, environment-managed secrets, access-limited systems, and structured operational logs.

Candidate pages are planned to be retained for about 90 days. Evidence packs and screenshots are planned to be retained for about 7 days unless the merchant deletes them earlier or a different plan rule applies.
Scan logs are planned to be retained for about 30 to 90 days depending on log type and operational need.
When a shop uninstalls the app or sends a verified deletion request, Copycat Alert deletes app data unless a limited record must be kept for security, abuse prevention, legal compliance, billing, accounting, or dispute handling.
The app is configured to receive Shopify customer data request, customer redact, and shop redact compliance webhooks. Copycat Alert does not request customer data, but the webhooks remain part of Shopify compliance.

Merchants can pause or remove monitored domains, exclude protected products from scans, and request access, correction, export, or deletion of app data through the support email.
Merchants should review Copycat Alert reports as potential findings with evidence and confidence. Any legal, marketplace, or enforcement step should be decided by the merchant or qualified professionals.