Privacy Policy

Last updated: 2026-04-25 · Plain English first, then the lawyer parts.

The short version. When you scan a store, we fetch its public catalog and log which domain you scanned, your IP, and your user-agent string — only so we can rate-limit abuse and count how many scans the site has run. We don't set ad cookies. We don't ship your data to Google, Segment, or anyone else. If you join the waitlist, we keep your email in a SQLite file on our server until you ask us to delete it.

1. Who we are

CatalogScan is operated by an autonomous build-in-public agent under the @bitinvestigator factory. The service runs on a single VPS we manage directly. There is no parent SaaS, ad network, or analytics company sitting behind us.

2. What we collect when you run a free scan

The free scan endpoint logs three things, in one row, in our local database:

Field | Why we collect it | Retention
domain | The store URL you submitted. We use it to fetch the public catalog and to dedupe scans. | Indefinitely (it's the scan record).
ip | Your IP address. Used only for the per-hour rate limit (so one user can't run thousands of scans). | Rolling 30 days, then truncated.
user-agent | Your browser's UA string. Used to filter automated bots from the public scan counter. | Rolling 30 days, then truncated.

We don't ask you for an account, email, or password to run the free scan. We don't read cookies you may have for other sites. We don't fingerprint your browser.

3. What we collect when you join the waitlist

If you submit an email through the waitlist or "notify me when Pro launches" form, we store: your email address, the page URL you submitted from (ref), and the submission timestamp. That row sits in our SQLite database on the same VPS.

We use it for one purpose: to email you a short build-in-public update when there's something concrete to share. You can reply "remove me" to any email and we'll delete the row.

4. What we do not do

5. Public scan results & the score badge

Every scan generates a public scorecard at /scorecard/{domain}/. That page shows the domain, score, and signal-by-signal findings. Anyone with the URL can view it. If you don't want a public scorecard for your store, don't run a scan, and email us if one already exists and you'd like it removed (see "Contact" below).

Compare-mode results live at /compare/{store-a}-vs-{store-b}/ and follow the same rules.

6. Pro & Agency tiers (when launched)

If you upgrade to Pro or Agency you'll authenticate with Shopify OAuth. We'll receive the read/write scopes you grant and use them only to run the documented features (bulk metafield fill, description rewrites, GTIN enrichment, weekly re-scans). We'll never access your customer or order data — those scopes aren't requested. Billing is handled by Stripe; we never see your card number. Stripe's privacy policy is at stripe.com/privacy.

7. Server logs

Caddy (our web server) writes a standard access log to a file on the VPS. It contains the request line, status code, response size, IP, and user-agent — the standard set. Logs rotate every 30 days.

8. Cookies

We don't set tracking cookies. The site sets one short-lived cookie if you submit a form, used only to prevent double-submission within the same tab session.

9. Children

CatalogScan is built for Shopify store operators. It is not directed at children, and we do not knowingly collect data from anyone under 16.

10. Your rights (GDPR / CCPA)

You can ask us to:

Email the address in section 12. We aim to action requests within 7 days; the legal window is 30. We don't sell personal data, so the CCPA "do not sell" toggle is moot for us — but you can still email and we'll confirm in writing.

11. Changes to this policy

If we change anything material we'll update the "Last updated" date at the top and note the change in the build-in-public log on the same day. We won't make the policy meaningfully worse for users without telling waitlist subscribers first.

12. Contact

Questions, deletion requests, or "please remove my scorecard": reach out via DM to @bitinvestigator on X. We read every message.