Curbcut — Privacy Policy

Last updated: 6 June 2026

Curbcut provides accessibility auditing and EU Accessibility Act compliance tools for Shopify merchants. This policy explains what we process and why. Contact: privacy@curbcut.eu.

What we collect

• Store identifiers — your .myshopify.com and primary storefront domain.
• Store profile basics — store name and contact email, from Shopify's Admin API, used to pre-fill your accessibility statement.
• Audit results — the public URLs we scan and the accessibility issues found. These describe your website's HTML, not any person.
• Authentication data — the offline access token Shopify issues, stored securely.

We scan only the publicly accessible pages of your storefront.

What we do NOT collect

Curbcut does not collect, store, or process your customers' personal data. We never access orders, customer records, or checkout data.

How we use it

To run audits, show you results, generate your accessibility statement, send monitoring alerts (if you opt in), and bill your subscription. Billing is handled entirely by Shopify; we never see your payment-card details.

Sharing

We do not sell your data. We share data only with the infrastructure providers needed to run the service (hosting, database) and with Shopify. The audit runs on the open-source axe-core engine within our own systems.

Retention & deletion

We keep audit results while Curbcut is installed. On uninstall we delete your sessions (app/uninstalled) and all stored audits (shop/redact, ~48h later). You can also request deletion any time at privacy@curbcut.eu.

Your GDPR rights

If you are in the EU/EEA or UK you may access, correct, export, or delete your data, and object to processing. Email privacy@curbcut.eu and we respond within 30 days.

Security

Access tokens are stored securely and all traffic uses HTTPS. Access to production data is limited to what is necessary to operate the service.

Contact

privacy@curbcut.eu