How StoreTrust scans your store

We built this for merchants who want a fast read on trust gaps—not another tool that asks for admin access.

What we scan

We fetch the same HTML a first-time visitor would see on your public storefront—no login, no special permissions. For a typical run that means:

  • The homepage URL you enter
  • One product page we find linked from that homepage
  • Your store's public /cart page, if it loads

Checkout itself is usually on Shopify's hosted flow. We don't complete a purchase or load checkout as a logged-in shopper. Signals we label as checkout-related come from what's visible on cart and product pages, plus normal storefront markup—not from inside Shopify Admin.

What we don't access

  • Shopify Admin, apps, or theme code
  • Theme editor, unpublished drafts, or password-protected previews
  • Customer accounts, orders, or any shopper data that isn't already on a public page
  • Your store's login—we never ask for it

If a URL returns a login wall or empty cart for guests, we work with what the public request returns. That can make a scan partial; it doesn't mean we're trying to bypass protections.

How long we keep scan data

We store the scan result (score, issues list, and the metadata we need to show your report) on our side so you can open the link again and so we can keep the product stable. Today, on our main scanner, completed records roll off after about 7 days during routine storage cleanup, alongside a cap on how many old scans we keep at once.

If you pay for the full report, access is also tied to a short-lived browser cookie—currently up to 30 days. After that window, the same link may not reopen the paid view even if you still have the URL.

If we change hosting or retention for compliance reasons, we'll update this page and the privacy policy when it materially affects you.

How to delete a report

There isn't a self-serve delete button in the product yet. Email support@storetrust.io from an address we can reasonably tie to the store (or forward your receipt). Include your store URL and, if you have it, the scan link or scan ID. We'll remove the scan record from our systems or tell you plainly if something can't be deleted for a legal or operational reason.

For broader data requests, the same inbox—see also our Privacy Policy.