Store Detector Privacy Policy
Store Detector is a Shopify competitive-intelligence tool. This policy describes exactly what the extension reads, what it sends to our servers, who processes it, and what it never touches — written to match what the code actually does.
1. Who provides this extension
Store Detector is built and operated by the team behind AI Systems Club™ (aisystemsclub.com), where it is offered as a member tool. This policy applies to the Store Detector Chrome extension and its backend API. For the privacy policy covering AI Systems Club membership and website, see the AI Systems Club Privacy Policy.
2. How the extension works (so the data makes sense)
Understanding the data flow makes the rest of this policy clear:
- Detection. A background service worker inspects the HTTP response headers of pages you load to determine whether the site is a Shopify store. If it isn't, the extension stays dormant.
- Analysis. When you're on a Shopify store, a content script reads that page's public content (the DOM) to identify the store's name, products, installed apps, theme, page sections, currency, country, favicon, and SEO meta tags.
- Ingestion. That public store data is sent to our backend so it can be added to a shared master list of Shopify stores — the competitive-intelligence dataset that powers the tool for every member.
- On-demand lookups. When you open the sidebar for a store, the extension asks our backend for extra metrics about that store's domain — traffic, keywords, ad counts, and so on (see §5).
3. What the extension reads on the pages you visit
| What | How | Why |
|---|---|---|
| Response headers of pages you load | webRequest in the background worker | To detect whether a site is a Shopify store. Non-Shopify sites are ignored. |
| Public page content of Shopify stores — store name, products, apps, theme, page sections, currency, country, favicon, SEO meta tags | Content script reading the page DOM | To render the analysis sidebar and to build the shared store database. |
The extension declares broad host access (<all_urls>) because it must inspect headers on any site to tell whether it is a Shopify store. It only reads and transmits page content on Shopify storefronts — not on your bank, your email, or any non-Shopify site.
4. What we store on our servers
| Data | Purpose | Where it lives |
|---|---|---|
| Public Shopify store data (domain, store name, products, apps, theme, sections, currency, country, SEO meta) | The shared competitive-intelligence store database | Supabase, via our Cloudflare Worker store-detector-api.aios.workers.dev |
| Store screenshots / section captures | Store previews and the "clone section" feature | Cloudflare R2 object storage |
| Account: your email address | Optional member login (see §6) | Supabase Auth |
| Favorites: the store domains you star | Saving stores to your account | Supabase, scoped to your user ID |
| Diagnostic logs (only when you turn them on) | Troubleshooting (see §7) | Supabase |
5. On-demand data providers
When you open the sidebar for a store, our backend queries third-party data providers by that store's domain only — never with any of your personal data — and returns the results to you:
- Traffic & rank — SimilarWeb data via RapidAPI
- Organic keywords — DataForSEO (a premium, member-gated feature)
- Core Web Vitals — Google PageSpeed Insights / Chrome UX Report
- Domain rating — Ahrefs
- Ad activity — Meta Ad Library counts
- Social following — public follower counts
These lookups are keyed on the merchant's domain. Your identity and browsing are not shared with these providers.
6. Accounts (optional)
You can use core detection without an account. Signing in unlocks member-only features (such as organic keywords) and favorites. Login uses your email address plus a one-time code — there is no password. On success, a session token is stored locally in your browser (chrome.storage.local); the extension never holds our database keys. Premium access is verified on our server for each request against your active AI Systems Club membership. Login is limited to existing members — the extension does not create new accounts.
7. Diagnostics (off by default)
Store Detector includes a "Debug logs" toggle that is OFF by default. If you turn it on, the extension streams its own runtime logs, errors, and timing data to our backend so we can troubleshoot problems. It does not capture the contents of non-Shopify pages. Turn it off at any time in the extension settings to stop sending diagnostics.
8. What Store Detector does NOT do
- We do not sell your data — to anyone, for any purpose.
- We do not collect your general browsing history. Only the public Shopify storefronts you analyze are processed.
- We do not collect your location, health data, financial account data, or the content of your personal communications.
- We do not read or transmit page content on non-Shopify sites.
- We do not use the data for advertising or share it with ad networks.
- The extension never stores our database credentials — only your own session token lives in your browser.
9. Sub-processors
Your data — and the public store data — passes through these service providers, each with its own privacy practices:
- Cloudflare — backend Worker hosting, edge, and R2 storage. cloudflare.com/privacypolicy
- Supabase — database and authentication. supabase.com/privacy
- RapidAPI / SimilarWeb — traffic data, queried by domain. rapidapi.com/privacy
- DataForSEO — keyword data, queried by domain. dataforseo.com/privacy-policy
- Google — PageSpeed Insights / CrUX, queried by domain. policies.google.com/privacy
- Ahrefs — domain rating, queried by domain. ahrefs.com/privacy
- Meta — Ad Library counts, queried by domain. facebook.com/privacy/policy
10. Data retention
- Public store data is retained in the shared database as an evolving reference dataset. Individual store records are refreshed over time as stores are re-analyzed.
- Account data (email, favorites) is kept while your account is active. Ask us to delete it and we will (see §12).
- Diagnostic logs are kept only for troubleshooting and are not required to be retained once an issue is resolved.
11. Permissions, and why
webRequest/ host access — detect Shopify stores from response headers.scripting/activeTab— inject the sidebar and read the current store's public page.storage— remember your settings and your session token locally.tabs/windows— manage the sidebar and store previews.downloads/clipboardWrite— let you export data and copy generated prompts.alarms— schedule background refresh and cache maintenance.
12. Your choices & contact
You can uninstall the extension at any time to stop all collection, sign out to clear your local session, or turn off diagnostics in settings. To request a copy or deletion of your account data, email ceo@marcdomancie.com.
13. Changes to this policy
We'll update this page when the extension's data practices change, and revise the "last updated" date at the top. Material changes will be reflected here and, where appropriate, in the Chrome Web Store listing.