← Back to App

Privacy Policy for Bharse Security Scanner

Last Updated: November 14, 2025

1. Introduction

This Privacy Policy describes how Bharse Security Scanner ("we", "our", or "the App") collects, uses, and protects information when you use our Shopify application.

2. Information We Collect

2.1 Store Information

When you install our App, we collect:

• Store domain and basic store details
• App configuration settings
• Scan preferences and schedules

2.2 Scan Data

During security scans, we analyze:

• Theme files and code
• Installed app permissions
• Script tags and third-party integrations
• Store configuration settings
• Public-facing security settings

2.3 Usage Data

We collect analytics data through PostHog to improve the App:

• Feature usage (which scans you run, reports you export)
• Session duration and frequency
• Error logs and performance metrics

3. Information We Do NOT Collect

We explicitly do not collect, access, or store:

• Customer personal information (names, addresses, emails)
• Order data or transaction details
• Payment information or credit card data
• Product inventory or pricing
• Private customer communications
• Any personally identifiable information (PII) of your customers

4. How We Use Your Information

We use collected information to:

• Perform security scans and generate reports
• Provide scan history and trend analysis
• Improve the App's features and performance
• Send notifications about critical security findings
• Provide customer support
• Ensure compliance with Shopify's requirements

5. Data Storage and Security

5.1 Storage

• Scan results are stored in encrypted databases (CockroachDB PostgreSQL)
• All data is transmitted over HTTPS/TLS
• Secrets are managed using GCP Secret Manager
• Data is stored in secure cloud infrastructure (Google Cloud Platform)

5.2 Retention

• Scan history: Retained according to your subscription plan (30 days Free, 90 days Professional, 1 year Enterprise)
• Account data: Retained while your subscription is active
• Deleted data: Permanently removed within 30 days of account deletion

5.3 Security Measures

• Industry-standard encryption at rest and in transit
• Regular security audits
• Access controls and authentication
• Automated backups
• Monitoring and intrusion detection

6. Data Sharing

We do not sell, rent, or trade your information. We may share data only:

6.1 With Service Providers

• Google Cloud Platform (hosting)
• CockroachDB (database)
• Cloudflare R2 (file storage)
• Upstash (caching)
• PostHog (analytics)

All service providers are contractually obligated to protect your data and use it only for providing services to us.

6.2 Legal Requirements

We may disclose information if required by law, court order, or to:

• Comply with legal processes
• Protect our rights and property
• Prevent fraud or security threats
• Protect user safety

7. GDPR Compliance

For users in the European Economic Area (EEA):

7.1 Your Rights

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request data deletion
• Object to data processing
• Data portability
• Withdraw consent

7.2 GDPR Webhooks

We implement Shopify's required GDPR webhooks:

• `/customers/data_request` - Provides your data
• `/customers/redact` - Deletes customer data
• `/shop/redact` - Deletes shop data

7.3 Data Processing

We process data based on:

• Your consent (installing the App)
• Contractual necessity (providing the service)
• Legitimate interest (improving the App)

8. Cookies and Tracking

We use the following tracking technologies:

• Session cookies: To maintain your login state
• Analytics cookies: PostHog for usage analytics (can be opted out)
• Performance cookies: To monitor App performance

You can control cookies through your browser settings.

9. Third-Party Links

Our App may contain links to third-party websites or services:

• We are not responsible for their privacy practices
• Review their privacy policies separately
• We do not endorse or control third-party content

10. Children's Privacy

Our App is not intended for users under 18 years of age. We do not knowingly collect information from children.

11. International Data Transfers

Your data may be transferred to and processed in:

• United States (Google Cloud Platform)
• European Union (if applicable)

We ensure appropriate safeguards are in place for international transfers.

12. Your Choices

You can:

• Access Data: Request a copy of your scan data
• Delete Data: Uninstall the App to delete all data
• Opt-Out Analytics: Contact us to disable PostHog tracking
• Export Data: Download scan results as PDF/CSV/JSON
• Update Settings: Modify scan preferences in the App

13. Data Breach Notification

In the event of a data breach:

• We will notify you within 72 hours (GDPR requirement)
• Notification will include nature of breach and remediation steps
• We will report to relevant authorities as required by law

14. Changes to This Policy

We may update this Privacy Policy by:

• Posting the updated version on our website
• Notifying you via email or in-app notification
• Changes effective 30 days after notice

Continued use after changes constitutes acceptance.

15. Contact Us

For privacy-related questions or requests:

• Email: support@bharse.com
• Website: https://ss.bharse.com
• Data Subject Requests: Submit through Shopify admin or email support@bharse.com
• GDPR Requests: Use our GDPR webhook endpoints

16. Compliance

This Privacy Policy complies with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Shopify's App Store requirements
• Industry best practices

---

Effective Date: November 14, 2025

Version: 1.0

By using Bharse Security Scanner, you acknowledge that you have read and understood this Privacy Policy.