1. Introduction
This Privacy Policy describes how Modelcars LLC (“we,” “us,” or “our”) collects, uses, shares, and protects information in connection with CatalogCheck, a free, read-only Shopify application that helps merchants identify gaps in their product catalog — such as missing images, thin descriptions, missing tags, missing categories, and duplicate SKUs.
CatalogCheck is part of the ProfitAware suite of applications. This policy applies specifically to CatalogCheck. For information about other applications in the suite, please refer to their respective privacy policies.
By installing or using CatalogCheck, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information Collected from Shopify
When you install CatalogCheck, we use Shopify’s Admin API to read the following information from your store. CatalogCheck requests the read_products scope only and never writes, edits, or deletes anything in your store.
- Product data (read-only): product titles, descriptions, images, vendor, product type, tags, category, handles, and a single SKU per product (used for duplicate detection)
- Shop information: shop domain
- Authentication data: OAuth access tokens and refresh tokens used to communicate with Shopify on your behalf
CatalogCheck does not access, collect, or store:
- Customer personal data
- Order data
- Payment information
- Storefront analytics
- Inventory levels or pricing
CatalogCheck does not mirror your full Shopify catalog. We persist only compact issue summaries for the products that are flagged by a scan (product ID, handle, title, SKU, vendor, product type, and the list of issue reasons). Product descriptions, images, and other content are read transiently during a scan to evaluate against your criteria and are not stored.
2.2 Information You Provide Directly
When you use CatalogCheck, you may provide:
- Scan filter preferences: thresholds for image counts, description length, title length, and the set of checks you choose to run (tags, product type, category, duplicate SKU)
- Scope filters: optional vendor, product type, or created-after date filters that limit which products a scan covers
CatalogCheck does not collect a separate account email or account information beyond what is already associated with your Shopify store.
2.3 Automatically Collected Information
We automatically generate the following records during normal operation:
- Scan history: timestamps, scan IDs, the filters used, number of products scanned, number flagged, and per-issue-type tallies
- Flagged-product summaries: for each scan, the list of products that matched any flag criteria (compact summaries as described in Section 2.1, not full product data)
- Error and diagnostic logs: API errors and system events for troubleshooting
- Usage metrics: aggregate counts of scans and feature usage for service improvement
3. How We Use Your Information
We use the information described above to:
- Identify products in your catalog that meet the flag criteria you configure
- Generate scan results showing which products are flagged and why
- Provide a CSV export of flagged products that you can download
- Maintain a history of scans for your reference
- Refresh expired Shopify access tokens using the associated refresh tokens
- Communicate with you about service updates and support
- Diagnose errors and improve the service
- Comply with legal obligations
4. Third-Party Service Providers (Subprocessors)
CatalogCheck relies on the following third-party services to operate. Information is shared with these providers only to the extent necessary to deliver the service.
| Provider | Purpose | Data Shared |
|---|---|---|
| Shopify | Source of product data; OAuth and webhook delivery | Shop and product data per the read_products OAuth scope |
| Base44 | Application hosting, database, and serverless functions | All operational data described in Section 2 |
CatalogCheck does not use AI services, web scraping services, advertising networks, or analytics providers. We do not sell your information. We do not share your information with third parties for their own marketing purposes.
Each subprocessor processes data under its own privacy and security terms. We select subprocessors that maintain industry-standard security practices.
5. Data Retention
- Operational data (OAuth tokens, scan history, flagged-product summaries) is retained for as long as CatalogCheck is installed on your store.
- Scan history records and flagged-product summaries are retained for 90 days, after which they are automatically deleted.
- Error and diagnostic logs are retained for 30 days.
- Upon app uninstallation: Shopify sends a
shop/redactwebhook 48 hours after uninstall. We delete all data associated with your shop within 30 days of receiving this webhook, except where retention is required for legal or audit purposes.
6. Shopify Compliance Webhooks
In accordance with Shopify’s requirements, CatalogCheck subscribes to and processes the following mandatory compliance webhooks:
customers/data_request— CatalogCheck does not collect customer personal data; we acknowledge this webhook and respond confirming no customer data is held.customers/redact— same as above; CatalogCheck holds no customer-level data to redact.shop/redact— triggers deletion of all shop-associated data (scan history, flagged-product summaries, and the store record) as described in Section 5.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding personal information we hold about you:
- Access: request a copy of the personal information we hold about you
- Correction: request correction of inaccurate information
- Deletion: request deletion of your information
- Restriction: request that we restrict processing of your information
- Portability: request a portable copy of your information
- Objection: object to certain types of processing
To exercise any of these rights, contact us at support@profitaware.io. We will respond within the timeframe required by applicable law.
You may also revoke CatalogCheck’s access to your data at any time by uninstalling the app from your Shopify admin.
8. International Data Transfers
CatalogCheck is operated from the United States. If you access the service from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required by law (e.g., GDPR), we rely on appropriate transfer mechanisms such as Standard Contractual Clauses.
9. Security
We implement reasonable technical and organizational measures to protect your information, including:
- TLS encryption for data in transit
- Secure storage of OAuth tokens and credentials
- Access controls limiting who within our organization can access merchant data
- Regular review of subprocessor security practices
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
10. Children’s Privacy
CatalogCheck is a business-to-business service and is not directed to individuals under the age of 16. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this policy and, where appropriate, notify you via email or in-app notification. Continued use of CatalogCheck after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Modelcars LLC
Email: support@profitaware.io
CatalogCheck is part of the ProfitAware suite. For the privacy policy governing other applications in the suite, please refer to the relevant application’s listing.