Last updated May 2026. We collect the minimum data needed to operate the service. We do not sell, rent, or share your personal data for advertising.
ClearConsent (“we”, “us”, “our”) operates the website clearconsent.app. We provide an automated privacy compliance scanning tool for small e-commerce businesses. You can reach us at [email protected].
We collect the minimum data needed to operate the Service. The table below lists every category, every field, and how long we keep it.
| Category | What we collect | How long we keep it |
|---|---|---|
| Account identity | Business name and contact email provided through your Shopify install, plus your subscription state. You sign in through Shopify; ClearConsent does not create or store a separate password for you. | Life of account + 30 days, then permanently deleted. |
| Scan submissions (URLs and results) | URLs you ask us to scan, plus the trackers, cookies, and privacy signals detected on those URLs. | Up to 1 year, then permanently deleted. |
| Payment (subscription only) | Subscription plan and billing state from Shopify's Billing API. We never see or store your credit card number; Shopify holds all payment details. | Life of account. |
| Shopify integration (encrypted tokens) | Shop domain and access token, stored encrypted at rest with Fernet. We access only the API scopes you authorize at install time. | Life of integration. Access tokens are deleted or revoked immediately on uninstall; limited app configuration may be retained briefly according to our uninstall and redaction process. |
| Contact form (inquiry messages) | Email address and message content you submit, stored to respond and follow up. | Up to 1 year. |
| Essential cookies (always active) | Session cookie (HttpOnly, Secure), scan-session cookie, CSRF token. No third-party tracking. | Session cookie 14 days; scan-session cookie 24 hours; CSRF token per request. |
| Analytics cookies (opt-in only) | PostHog product analytics, loaded only if you accept analytics. Pseudonymous user ID; no email, name, or other personal data is sent. | Per your cookie banner choice; revocable any time. |
| IP address (rate limiting) | Used at request time to enforce rate limits and block abuse. Not associated with your account record. | Not stored long-term. |
We use your data to provide and operate the scanning service, authenticate your account and manage your subscription, respond to support requests, and prevent abuse via rate limiting.
To score how thoroughly a scanned store's privacy policy covers the required topics, ClearConsent sends substantive policy text (roughly 3,000+ characters) to our AI sub-processor Anthropic (Claude API) for automated topic-coverage grading. This applies to every scan, including the free public diagnostic; thin or unreadable pages are not sent. Per Anthropic's commercial terms, this text is not used to train models and is processed under Anthropic's Data Processing Addendum.
We do not use your data for advertising, profiling, or any purpose beyond delivering the Service.
We do not sell, rent, or share your personal data for advertising. We share limited data only with operational service providers needed to run ClearConsent, or where required by law. There is no second tier of data flow beyond the operational sub-processors below.
Service providers we use to operate the Service are each contractually bound to process data only on our behalf. The current sub-processor list with each provider's role and primary processing location is maintained at /sub-processors.
Four retention windows, all enforced automatically.
Scan data: stored for up to 1 year, then permanently deleted on a rolling cleanup pass.
Account data: retained while your account is active. Soft-deleted on request, permanently deleted within 30 days.
Contact inquiries: messages submitted via the contact form are retained for up to 1 year, then deleted.
Logs: administrative activity logs are retained for up to 2 years; failed-login records are purged after 90 days.
Two cookie categories on clearconsent.app — one essential, one optional. We do not use advertising cookies or any third-party tracking for ad purposes.
Session cookie — keeps you logged in. HttpOnly, Secure, 14-day max age.
Scan-session cookie — links anonymous scans to your browser. 24-hour expiry.
CSRF token — protects against cross-site request forgery.
PostHog — only loaded if you click “Accept Analytics” on the cookie banner. Tracks anonymized page views and feature usage with a pseudonymous user ID; no email, name, or other personal data is sent. Change your preference any time via the “Cookie Preferences” link in the site footer.
Depending on your location, you may have the following rights over the data we hold.
Access: request a copy of the personal data we hold about you. We respond within 30 days.
Deletion: request deletion of your account and associated data. Soft-delete is immediate; permanent deletion follows within 30 days.
Correction: update inaccurate personal data, such as your account email or business name, or anything else we've stored that has drifted out of date.
Portability: receive your data in a structured, machine-readable format so you can take it elsewhere.
Opt out of sale: we do not sell your data, so there is nothing to opt out of. The right is preserved should that ever change.
To exercise any of these rights, email [email protected]. You can also manage your email preferences at any time.
Six technical safeguards, layered.
Transport: all connections use TLS 1.2 or higher, with HSTS enforced for two years on the primary domain.
Authentication: merchants sign in through Shopify. The administrative login password is stored as a one-way bcrypt hash; plaintext passwords never touch our database or logs.
Sessions: session cookies are HMAC-signed via itsdangerous, HttpOnly, Secure in production, with a 14-day max age.
Scan fetching: submitted URLs are validated before fetch to block private IPs, localhost, and cloud metadata endpoints.
Rate limiting: per-endpoint rate limits apply to auth, scan, and banner-generation routes, with brute-force lockout after repeated failed logins.
Logging and monitoring: sensitive operations are written to a structured log with request IDs. Sentry receives error events configured to avoid unnecessary PII; PostHog receives opt-in product analytics using pseudonymous identifiers and limited usage events.
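As an illustration of the scan-URL check described above, the following is an added example and not ClearConsent's own code. It assumes the scanner is written in Python and fetches merchant-supplied URLs from its own servers, so a URL pointing at a private, loopback, link-local or cloud-metadata address must be rejected before any connection is opened. The hostnames and addresses in the constructed DNS table are invented for the example; real lookups would go through the system resolver.

```python
"""SSRF guard for scan-submission URLs.

Added example, not ClearConsent's code. Assumption: the scanner fetches
merchant-supplied URLs server-side, so the hostname is resolved here and
*every* returned address is checked, because a public-looking name can
resolve to an internal one.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Address ranges a public scanner must never connect to. 169.254.0.0/16
# contains the AWS/Azure/GCP metadata endpoint 169.254.169.254.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

# Names that reach internal services regardless of what they resolve to.
BLOCKED_HOSTNAMES = {"localhost", "metadata", "metadata.google.internal"}


class UnsafeURL(ValueError):
    """Raised when a submitted URL must not be fetched."""


def default_resolver(host):
    """All A/AAAA answers for host from the system resolver (IPv6 scope ids stripped)."""
    return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}


def is_blocked_address(addr):
    """True if addr (a string) falls inside any blocked range."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 is loopback in IPv4-mapped form; unwrap it so the
    # IPv4 ranges apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def validate_scan_url(url, resolver=default_resolver):
    """Return the set of addresses a fetch of url may connect to, or raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # "http://shop.example.com@10.0.0.5/" reads as a public host to the eye.
        raise UnsafeURL("credentials in URL are not allowed")
    host = parts.hostname  # already lowercased, brackets stripped from IPv6
    if not host:
        raise UnsafeURL("missing host")
    if host.rstrip(".") in BLOCKED_HOSTNAMES:
        raise UnsafeURL(f"blocked hostname: {host}")
    try:
        addrs = {str(ipaddress.ip_address(host))}  # IP literal: no DNS needed
    except ValueError:
        # Resolve here rather than in the HTTP client: a form like
        # "http://2130706433/" is not an IP literal to ipaddress but
        # getaddrinfo turns it into 127.0.0.1, and a hostname may return a
        # mix of public and private answers.
        addrs = resolver(host)
    if not addrs:
        raise UnsafeURL(f"{host} did not resolve")
    for addr in addrs:
        if is_blocked_address(addr):
            raise UnsafeURL(f"{host} resolves to blocked address {addr}")
    return addrs


def is_safe_scan_url(url, resolver=default_resolver):
    """Boolean form of validate_scan_url for callers that only need yes/no."""
    try:
        validate_scan_url(url, resolver)
        return True
    except UnsafeURL:
        return False


# Constructed DNS table standing in for real lookups; every name and
# address below is invented for this example.
FAKE_DNS = {
    "shop.example.com": {"203.0.113.10"},
    "intranet.example.com": {"10.0.0.5"},
    "mixed.example.com": {"203.0.113.10", "10.0.0.5"},  # one private answer is enough to reject
}


def fake_resolver(host):
    return FAKE_DNS.get(host, set())


if __name__ == "__main__":
    for u in ("https://shop.example.com/privacy",
              "http://intranet.example.com/",
              "http://mixed.example.com/",
              "http://169.254.169.254/latest/meta-data/",
              "http://[::ffff:127.0.0.1]:8080/",
              "http://localhost/admin",
              "ftp://shop.example.com/"):
        print(f"{u:45} -> {'fetch' if is_safe_scan_url(u, fake_resolver) else 'REJECT'}")
```

Two caveats apply to any check of this shape: it must be repeated on every redirect hop, since a public host can answer 302 with a Location pointing at 169.254.169.254, and the HTTP client should connect to one of the addresses the check returned rather than resolving the name a second time, which closes the window a DNS rebinding attack relies on.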
The Service is not directed to children under 13. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance. For material changes, we may provide additional notice where required.
Questions about this policy, a data request, or anything else — email [email protected] or use the contact form.