Privacy Policy
Last updated: June 2026
AgencyVault ("the App") provides read-only portfolio security monitoring for Shopify agencies and their authorized client stores. This policy describes what data we process, how long we keep it, and your rights.
Data we collect
- Store configuration snapshots — installed apps, script tags, and staff lists from each connected store you authorize, used to detect security findings and portfolio-wide changes.
- Security findings and portfolio events — severity, category, proof snippets, and timestamps for issues detected during authorized scans.
- Agency settings — billing plan, digest email, digest frequency, and per-store display names you configure in the app.
- Session data — OAuth tokens required to operate as an embedded Shopify app for each connected store.
How we use data
Data is used solely to run read-only security scans, display portfolio findings in your dashboard, send digests you configure, and bill your Portfolio Monitor subscription through Shopify. We do not sell merchant or customer data, and we do not use store data for advertising.
Retention
Scan results and agency settings are retained while the App is installed on a connected store. When a store uninstalls the App, we delete shop data via Shopify's app/uninstalled and shop/redact webhooks. Customer-specific records are handled through the customers/redact and customers/data_request compliance webhooks.
GDPR and data subject requests
We respond to Shopify mandatory compliance webhooks: customers/data_request (export), customers/redact (delete customer-linked data), and shop/redact (delete all shop data).
Contact
Questions about this policy? Email support@agencyvault.app or visit our support page.