GMC Checker
← Back to home

Privacy Policy

Last updated: April 21, 2026

Who We Are

GMC Checker ("we," "us," or "our") operates the website gmccheck.com and the GMC Checker Shopify app. We provide automated compliance checking for Google Merchant Center requirements. This Privacy Policy describes how we collect, use, and protect your information.

Our Commitments

  • We use Google Merchant Center access only to provide the compliance dashboard, monitoring, alerts, issue analysis, and recommendations you request.
  • Our Google Merchant Center product and feed access is read-only. We do not create, edit, delete, or upload Merchant Center products, feeds, campaigns, or account settings.
  • We do not sell Google Merchant Center data, use it for advertising, or use it to train AI models.
  • We do not store complete raw Google API responses or full Merchant Center exports. We store only the limited connection records, report records, and cached status or issue snapshots needed to operate the product.

Information We Collect

Information You Provide

  • Store URL and email address — provided when you run a compliance check or install our Shopify app.
  • Store name and contact details — retrieved from Shopify when you install the app, used to personalize your compliance report.
  • Payment information — processed securely through Shopify Billing or Polar.sh. We never store credit card details on our servers.

Information Collected Automatically

  • Website content — when you run a scan, we crawl your store's publicly accessible pages to check compliance. This includes page content, navigation structure, product pages, structured data, and policy pages.
  • Google Merchant Center data — if you connect Google Merchant Center, we access Merchant Center account identifiers, account status, account issues, product statuses, product issue details, feed health information, product report data, and performance/reporting metrics needed to show compliance and monitoring results. This is accessed via Google OAuth 2.0 using the https://www.googleapis.com/auth/content scope after your explicit consent.
  • Technical data — browser type, IP address, and pages visited on our site or app. We use this for security, debugging, analytics, and product improvement.

How We Use Your Information

  • Compliance analysis — your store content is sent to AI services (including Anthropic and OpenRouter, and OpenAI if enabled) for compliance evaluation, summaries, and fix recommendations. We do not use your content or Google Merchant Center data to train AI models.
  • Reports and alerts — we email compliance reports and score change alerts to the address you provide.
  • Google Merchant Center monitoring — we read Merchant Center product status, feed, account issue, and reporting data to identify product disapprovals, account-level issues, status changes, and Shopify/GMC mismatches.
  • Service improvement — aggregated and de-identified usage information helps us improve compliance rules and detection accuracy.
  • Support — to respond to your questions and troubleshoot issues.

Google Merchant Center Access

GMC Checker requests the Google OAuth content scope because Google's Merchant APIs expose Merchant Center account, product, feed, issue, and reporting data through that scope. We use this access for a narrow compliance and monitoring purpose.

  • Read-only product and feed use — we read Merchant Center data, but we do not create, update, delete, or upload products, feeds, campaigns, or Merchant Center settings.
  • Limited operational actions — Google may require us to register API access for your Merchant Center or subscribe to product status notifications so the dashboard can stay current. These actions do not modify your product listings, feed contents, campaigns, or account settings.
  • User-initiated review requests — if you click a request-review action in GMC Checker, we may send that specific review request to Google on your behalf. We do not request reviews without your action.
  • No advertising use — Google Merchant Center data is never sold, used for ads, transferred to advertising platforms, or used to profile users outside GMC Checker.
  • Google policy compliance — GMC Checker's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy including the Limited Use requirements.

Sharing, Transfer, and Disclosure of Google User Data

In this Privacy Policy, "Google user data" means Google Merchant Center data we receive through Google APIs after you connect your account. We share, transfer, or disclose Google user data only as described below, and only to provide, secure, maintain, or improve GMC Checker.

  • Google — to call Merchant Center APIs, maintain OAuth access, revoke tokens, subscribe to product status notifications, register API access when Google requires it, and submit a review request only when you initiate that action.
  • Cloud hosting, database, storage, and worker providers — Vercel, Supabase/PostgreSQL, Supabase Storage, Trigger.dev, and backend worker infrastructure process limited Google user data so GMC Checker can store encrypted tokens, run syncs and scans, cache status snapshots, and display your dashboard.
  • Email delivery providers — Resend may process report or alert content when we email Google Merchant Center status, issue, or compliance updates you request or enable.
  • AI service providers — Anthropic, OpenRouter, and OpenAI, where enabled, may process limited excerpts or derived issue/status data needed to generate summaries, recommendations, fix templates, or appeal drafts. We do not send OAuth tokens to AI providers, and Google user data is not used to train AI models.
  • Security, analytics, and diagnostics providers — PostHog, Vercel Analytics, application logs, and error diagnostics may process minimal metadata or error details needed to debug, secure, and improve the app. We do not intentionally send OAuth tokens, full raw Google API responses, or full Merchant Center exports to analytics tools.
  • Legal and safety disclosures — we may disclose information if required by law, legal process, or to protect users, GMC Checker, or the public from fraud, abuse, or security threats.

We do not share, transfer, or disclose Google user data to advertisers, data brokers, information resellers, credit-worthiness services, lenders, or other third parties for advertising, retargeting, interest-based advertising, sale, resale, lending, or unrelated profiling.

Third-Party Services

We use the following services to operate GMC Checker:

  • Google — Merchant Center API access with your OAuth consent and PageSpeed Insights for site performance checks.
  • Spider Cloud — website crawling for some Shopify/backend compliance scans. Your store's public pages may be crawled to gather content for analysis.
  • Anthropic, OpenRouter, and OpenAI — AI-assisted analysis, summaries, fix templates, and appeal drafts.
  • Shopify — Shopify app platform, Shopify store access, billing, and optional Shopify data connection.
  • Clerk — account authentication for the dashboard.
  • Polar.sh and Shopify Billing — payment and subscription processing.
  • Supabase and PostgreSQL database hosting — scan, report, connection, notification, and dashboard data storage.
  • Supabase Storage — private screenshot/evidence storage when a scan captures screenshots.
  • Resend — transactional email delivery for reports and alerts.
  • Trigger.dev and backend workers — background scan processing.
  • Vercel — application hosting, deployment, and web analytics.
  • PostHog — product analytics, error tracking, and session diagnostics. We use this to debug and improve the app, not for advertising.

How We Store Google Merchant Center Data

When you connect Google Merchant Center, we store only what is needed to keep the connection and dashboard working:

  • Connection data — selected Merchant Center account ID/name, connection status, last sync time, and encrypted OAuth access/refresh tokens. OAuth tokens are encrypted at rest using AES-256-GCM.
  • Cached snapshots — derived product status, product issue, account issue, mismatch, and aggregate statistics used to render the dashboard, compare changes over time, and send alerts.
  • No full raw exports — we do not keep complete raw Google API response payloads or full Merchant Center exports for separate reuse.
  • Deletion — disconnecting Google Merchant Center revokes the Google grant where possible and deletes the connection record and related cached snapshots from our dashboard database. You can also revoke access directly in your Google Account.

Data Retention

  • Dashboard sites, scans, findings, alerts, and cached GMC snapshots — retained while your account/site is active so we can show historical trends and monitoring results. Deleting a site or account removes associated dashboard records.
  • Shopify app data — retained while the Shopify app is installed. Uninstalling the app or disconnecting integrations removes the associated connection data we control.
  • One-time check reports — retained so you can access the report by its unique URL, unless you ask us to delete it.
  • Crawled page content — used during analysis. We retain report findings, scores, URLs, screenshots or evidence excerpts where needed for the report, but we do not intentionally keep a full raw copy of every crawled page after report generation.

Data Security

We implement industry-standard security measures including encrypted data transmission (TLS/SSL), encrypted OAuth token storage (AES-256-GCM), private server-side credential handling, and access controls. Sensitive credentials are not exposed in client-side code.

Your Rights

You have the right to:

  • Access — request a copy of the data we hold about your store.
  • Deletion — request deletion of your data by uninstalling the Shopify app or contacting us.
  • Disconnect — revoke GMC access at any time from within the app.
  • Revoke Google access — revoke GMC Checker's Google access from your Google Account permissions page at any time.
  • Opt out — unsubscribe from email alerts at any time.

Cookies

Our website and dashboard use cookies and similar technologies for required functionality such as authentication, session management, and interface preferences. We also use analytics and diagnostic tools, including PostHog and Vercel Analytics, to understand app usage, detect errors, and improve reliability. We do not use third-party advertising cookies.

Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of our service after changes constitutes acceptance.

Contact Us

If you have questions about this Privacy Policy, contact us at info@gmccheck.com.