PRIVACY PROTOCOL

Privacy Policy

Last updated: 2026-05-31

This Privacy Policy explains how The Nerd Brigade ("we", "us") collects, uses, and protects information in connection with our website and our Shopify application, Monitor (the "App"). By installing or using the App, you agree to this Policy.

1. Information we access through Shopify

When a merchant installs the App, Shopify grants us read-only access to the following, used solely to run store-health checks:

  • read_orders — to detect order-volume anomalies (e.g. a sudden drop versus your previous day or 7-day average).
  • read_products — to validate product pages and discover variants for cart/checkout checks.
  • read_inventory and read_locations — to validate inventory and shipping-rate checks.

We do not sell this data and do not share it except as needed to provide the service (see "Service providers" below).

2. Information you provide

  • Monitoring configuration: storefront and product URLs, thresholds, and check settings.
  • Notification recipients: names and email addresses you enter to receive alerts.
  • Integration endpoints: webhook URLs and Slack webhook URLs you choose to configure.
  • SMTP credentials (optional): if you configure your own mail server, the password is encrypted at rest using AES-256-GCM and is only decrypted server-side when sending your alerts.

3. Customer (buyer) data

The App monitors storefront health; it does not collect or process your customers' personal data for our own purposes. Order information accessed via Shopify is used in aggregate for volume monitoring and is not used to build profiles or sold to anyone.

4. How we use information

We use the information above only to operate the App: running scheduled and on-demand checks, generating alerts and uptime statistics, delivering notifications through the channels you configure, and providing support.

5. Where data is processed

The App is hosted on cloud infrastructure located in the United States, and all information is stored and processed within the United States.

6. Service providers

  • Shopify — the platform through which the App is installed and authorized.
  • U.S.-based cloud hosting & infrastructure providers — application hosting, database, and background processing.
  • Email, webhook, and Slack endpoints that you configure to receive alerts.

7. Data retention

Check results and notification logs are automatically deleted after 90 days. Your monitoring configuration is retained while the App is installed. When you uninstall the App, or upon a valid erasure request, your data is deleted in accordance with the compliance webhooks below.

8. GDPR / CCPA compliance webhooks

As required for Shopify apps, we implement Shopify's mandatory compliance webhooks:

  • customers/data_request — respond to a customer's request for their data.
  • customers/redact — delete a specific customer's data on request.
  • shop/redact — delete a shop's data after the App is uninstalled.

9. Security

Data is transmitted over HTTPS and stored on managed infrastructure. Sensitive secrets such as SMTP passwords are encrypted at rest (AES-256-GCM). No method of transmission or storage is 100% secure, but we take reasonable measures to protect your information.

10. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to restrict or object to certain processing. To exercise these rights, contact us at TheNerd@thenerdbrigade.com.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by updating the "Last updated" date above.

12. Contact

Questions about this Policy? Reach The Nerd Brigade at TheNerd@thenerdbrigade.com.