Privacy Policy

Effective date: April 30, 2026

ParityGuard (“we,” “us,” or “our”) is a Shopify app operated as a sole proprietorship by Vadim Mezhibovskii. This Privacy Policy explains how we collect, use, share, and protect information when you use the ParityGuard application (“Service”), a checkout parity migration toolbox for Shopify merchants.

We are committed to transparency. This policy is written in plain English so you can understand exactly what happens with your data.

Roles under GDPR: When you install ParityGuard, you (the merchant) act as the data controller of any personal data your store collects. ParityGuard acts as a data processor on your behalf, processing data only as needed to provide the Service. A Data Processing Agreement (DPA) is available on request via support@parityguard.com.

Data We Collect

Data collected via the Shopify API

When you install ParityGuard, we request specific OAuth scopes to access the following through Shopify’s API:

  • Theme data (read_themes) — We read your store’s theme configuration to audit checkout customizations and identify migration opportunities.
  • Script tag data (read_script_tags, write_script_tags) — We read your store’s legacy ScriptTag configurations as source data for migration to Checkout Extensibility. Write access is used for demo and testing purposes only.
  • Web pixel events (write_pixels) — We deploy our web pixel extension to your storefront for checkout analytics.
  • Customer event data (read_customer_events) — This is a Shopify Protected Customer Data (PCD) scope. We read storefront analytics events from our web pixel to monitor checkout performance. We have applied for Protected Customer Data access from Shopify with a field-by-field justification, and we use only the minimum event categories needed for parity measurement. End-customer PII is not extracted from these events.

We only request the minimum scopes needed to provide our service. We do not access customer payment information, personal addresses, or order details.

Data collected directly from merchants

  • Migration patterns, rules, and deployment configurations you create within the app
  • Account information provided during Shopify OAuth authentication (store name, email)
  • Support requests and communications

Automated logging

We maintain audit trails of deployment actions, webhook receipts, and system events for operational reliability and debugging. These logs do not contain customer personal data. See “Data Retention” below for specific retention periods.

Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, we rely on the following legal bases for processing personal data:

  • Contract (Art. 6(1)(b)): Processing necessary to perform the Service you (the merchant) subscribed to — reading your theme/script configurations, classifying patterns, deploying extensions, and producing audit reports.
  • Legitimate interests (Art. 6(1)(f)): Operational logging, fraud and abuse prevention, and diagnostic telemetry. We have balanced these interests against your privacy rights and limited collection to what is strictly necessary.
  • Consent (Art. 6(1)(a)): Storefront analytics events captured by our web pixel are processed only after the end customer has granted consent via Shopify’s Customer Privacy API. You may withdraw consent at any time, and withdrawal does not affect the lawfulness of processing performed before withdrawal.
  • Legal obligation (Art. 6(1)(c)): Limited retention of records required by tax, accounting, or other applicable law.

How We Use Your Data

We use the data we collect to:

  • Analyze your checkout configuration and identify migration opportunities
  • Classify checkout patterns using automated tools, including large language models (see “Third-Party Data Transfers” below)
  • Generate parity test cases that verify migrated patterns behave identically to the originals
  • Deploy and manage checkout extensions on your behalf
  • Provide customer support and respond to inquiries
  • Maintain audit logs for operational reliability and compliance
  • Improve our service based on aggregated, anonymized usage

Pre-Transmission Sanitization (PII Redaction)

Before any merchant code, theme content, or script content is sent to a third-party LLM provider, we run it through an automated sanitizer that detects and redacts potentially sensitive values. The following categories are replaced with placeholder tokens (e.g., [REDACTED_EMAIL_1]) before transmission:

  • Email addresses
  • Phone numbers (US and international formats)
  • Credit card numbers (13–16 digits)
  • Social Security Numbers (US)
  • API keys (Stripe-style sk_live/sk_test, generic api_key)
  • OAuth access tokens (e.g., Meta CAPI EAA-prefixed)
  • API secrets (e.g., GA4 Measurement Protocol)
  • Bearer tokens

Legitimate Shopify identifiers (GIDs, product/variant/customer IDs in code context) and analytics-pixel IDs (Meta, TikTok, GA4, Pinterest, Snapchat) are protected from false-positive redaction so the LLM still receives meaningful structural context.

Third-Party Data Transfers

OpenRouter (LLM gateway)

We send merchant audit data (such as checkout scripts and metafield values) to OpenRouter, which routes our requests to specific underlying LLM providers we have selected. Data sent through OpenRouter is not persistently stored by OpenRouter and is used solely for real-time inference. OpenRouter and the underlying providers process this data under contractual terms that prohibit using customer data for model training.

The current underlying providers are:

  • OpenAI (gpt-5-mini family) — primary model for pattern classification across all pipeline phases.
  • Anthropic (Claude Sonnet 4.5) — legacy fallback model used only when classification requests to the primary model exhaust their retry budget.
  • xAI (Grok grok-code-fast-1) — used to generate parity test cases from extracted code snippets after a pattern is identified, supporting the parity verification gate that prevents regressions during migration.

Metafield values sent for classification may contain merchant-confidential business information but never include end-customer personal data. All requests are ephemeral and not retained by any provider beyond the duration of the inference call.

Shopify Billing API

Subscription payments are processed entirely through the Shopify Billing API. We do not collect, store, or process payment card details. All billing is managed within your Shopify admin.

Infrastructure Providers

We use industry-standard cloud hosting (Fly.io, primary region: United States) and managed PostgreSQL database services to operate our service. Data is encrypted in transit (TLS 1.2+) and at rest (provider-managed disk encryption).

Subprocessor List

Our current subprocessors are:

  • OpenRouter (US) — LLM request routing
  • OpenAI (US) — primary LLM inference (via OpenRouter)
  • Anthropic (US) — fallback LLM inference (via OpenRouter)
  • xAI (US) — parity test generation (via OpenRouter)
  • Fly.io (US) — application hosting and managed PostgreSQL
  • Shopify (Canada / United States) — platform APIs, OAuth, billing

We will notify merchants of material changes to this list at least thirty (30) days before a new subprocessor processes merchant data, except where a change is required by law or to maintain service continuity.

GDPR Compliance Webhooks

ParityGuard implements all three of Shopify’s mandatory privacy webhooks. Every request is HMAC-verified and acknowledged with HTTP 200 within a few seconds; the requested action is then processed asynchronously.

  • customers/data_request — When a customer submits a data access request through the merchant, we compile any data we hold about that customer (typically none, since we minimize customer-level collection) and return it to the merchant within 30 days.
  • customers/redact — When a customer requests deletion through the merchant, we delete any data associated with that customer within 30 days, except where retention is legally required.
  • shop/redact — Fired by Shopify approximately 48 hours after app uninstall. Upon receipt, we permanently delete all merchant-specific data within an additional 48 hours (see “Data Retention” below for the cumulative timeline).

Cookies and Tracking

Our web pixel extension collects checkout analytics events. This pixel is consent-gated: it respects Shopify’s Customer Privacy API and only fires tracking events after the end customer has granted consent, in compliance with GDPR and regional privacy regulations. End customers may withdraw consent at any time through the merchant’s consent banner; withdrawal stops further event collection but does not affect events already lawfully processed.

The dashboard application uses session cookies strictly for authentication. We do not use third-party advertising cookies or cross-site tracking.

Data Retention

We retain your data only as long as your ParityGuard subscription is active and for a brief period afterward:

  • On uninstall: Shopify fires the shop/redact webhook approximately 48 hours after you uninstall the app. We then delete all merchant-specific data within an additional 48 hours of receiving the webhook. Cumulative worst-case timeline from uninstall to permanent deletion is therefore approximately 96 hours.
  • Customer data deletion (customers/redact): Individual customer deletion requests are processed within 30 days of receiving the webhook, except where legal retention obligations apply.
  • Cancelled subscriptions: Deployment data for merchants who cancel without uninstalling is hard-deleted 30 days after cancellation.
  • Telemetry and rollout records: Operational telemetry is retained on a rolling 30-day window.
  • Health-check records: UI health pings are retained for 7 days and then automatically purged.
  • Diagnostic and audit evidence: Parity diagnostic artifacts and operational evidence are retained for up to 90 days. Long-term entries use hashed identifiers; merchant-specific personal data is not stored in the long-term archive.
  • Backups: Encrypted database backups are retained per our infrastructure provider’s standard retention policy (managed PostgreSQL, typical retention window of up to 30 days). Once a backup ages out, it is automatically purged. Deleted merchant data therefore disappears from live systems within 96 hours and from all backups within the additional retention window.
  • Pre-export window: If you wish to export your data before uninstalling, you may request an export at any time by emailing support@parityguard.com. We will provide a machine-readable export within 30 days.

Automated Decision-Making

ParityGuard uses automated processing (LLM classification) to categorize checkout patterns and recommend migration paths. These classifications are advisory: deployment of any pattern is gated by explicit merchant action within the dashboard. No pattern is applied to your store without your manual confirmation, and you can review or override any classification before deployment.

Because all deployment decisions remain under human control, this processing does not constitute “decisions based solely on automated processing” within the meaning of GDPR Article 22.

Your Rights

Depending on your location, you may have the following rights regarding your data under GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar US state laws (including Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and Utah UCPA):

  • Access / Know: Request a copy of the data we hold about your store
  • Correction: Request correction of inaccurate data
  • Deletion / Erasure: Request deletion of your data (also happens automatically on uninstall)
  • Portability: Request your data in a machine-readable format
  • Withdraw consent: Where processing is based on consent (e.g., the web pixel), you may withdraw consent at any time without affecting the lawfulness of prior processing
  • Objection / Opt-out: Object to processing of your data for certain purposes; opt out of any “sale” or “sharing” of personal information (we do not sell or share personal information for cross-context behavioral advertising)
  • Non-discrimination: We will not discriminate against you for exercising any of these rights

To exercise any of these rights, contact us at support@parityguard.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Children’s Privacy

ParityGuard is a business-to-business service for Shopify merchants and is not directed to children. We do not knowingly collect personal information from children under the age of consent in their jurisdiction (16 under GDPR, 13 under the US Children’s Online Privacy Protection Act). If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

International Data Transfers

Your data is processed primarily in the United States, where our infrastructure (Fly.io) and our LLM providers (OpenRouter, OpenAI, Anthropic, xAI) operate. Shopify processes data in Canada and the United States.

For transfers from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) and supplementary technical measures (encryption in transit and at rest, PII sanitization before any LLM transmission) where required by GDPR.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Shopify admin dashboard or by email at least thirty (30) days before the changes take effect. The “Effective date” at the top of this page indicates when the policy was last revised.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: support@parityguard.com
  • Data Controller: ParityGuard, operated as a sole proprietorship by Vadim Mezhibovskii
  • Postal address: Available on request via the support email above (sole-proprietor address withheld from public publication)