Privacy Policy
Last updated: April 2026
ECGT Guard (“we”, “us”) is committed to protecting your privacy. This policy explains what data we collect, how we use it, your rights under the UK and EU General Data Protection Regulation (GDPR), and the third-party services we use.
Data we collect and why
When you request a free audit we collect:
- Email address and Shopify store URL — to send your compliance report. Lawful basis: legitimate interests (providing the service you requested).
- Public product data — titles, descriptions, and tags fetched from your store's public Shopify Storefront API. This data is passed to Anthropic's Claude API for AI classification and is not stored after your report is generated. Lawful basis: legitimate interests.
If you tick the optional “notify me when ECGT Guard launches” checkbox, we will also use your email address to send you a single product-launch notification. Lawful basis: consent. You can withdraw this consent at any time by emailing contact@ecgtguard.com.
Data retention
Your email address and store URL are retained for up to 12 months from the date of your audit request, after which they are deleted. Scan results are kept for 24 hours for the purpose of report generation and then deleted.
Third-party services
We use the following sub-processors. Where a provider is based outside the UK/EEA, transfers are covered by Standard Contractual Clauses (SCCs) or an equivalent adequacy mechanism.
- Supabase (EU region) — database hosting your email address, store URL, and audit results.
- Anthropic (USA, SCCs) — AI classification of public product descriptions. No personal data is included in prompts.
- Resend (USA, SCCs) — transactional email delivery of your audit report.
- Cloudflare Turnstile (USA, SCCs) — bot detection CAPTCHA. Processes your IP address and browser signals to verify requests are human-generated. No cookies are set. Cloudflare Privacy Policy.
Your rights
Under UK/EU GDPR you have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure (“right to be forgotten”)
- Restriction of processing
- Data portability
- Object to processing based on legitimate interests
- Withdraw consent at any time (where processing is based on consent)
To exercise any of these rights, email contact@ecgtguard.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in the UK: the ICO; in the EU: your national data protection authority).
Contact
For privacy enquiries, email contact@ecgtguard.com.