This Privacy Policy describes how 404 Shield ("we", "our", or "the App"), developed by Fullestop, collects, uses, and protects information when you install and use our Shopify application.
1. Information We Collect
When you install and use 404 Shield, we collect:
Shop information: Your Shopify store domain and access tokens required to interact with the Shopify Admin API.
Broken link data: URLs that return 404 errors on your storefront, including the broken URL path, referrer, hit count, and timestamps.
Redirect rules: URL redirect mappings you create within the app (from path → to path).
Scan logs: Records of internal scans performed on your store's products, collections, pages, and blog articles.
Alert settings: Email address and notification preferences you configure for broken link alerts.
Visitor data (via Storefront Tracker): When tracking is enabled, a lightweight script is injected into your storefront. This script captures 404 error events including the broken URL, referrer URL, and approximate user agent. No personally identifiable information (PII) about your store visitors is stored.
Plan information: Your subscription plan (Free or Pro) and billing status.
2. How We Use Your Information
We use the information collected to:
Detect and display broken links on your Shopify storefront
Create and sync URL redirects to your Shopify Admin
Send email alerts when broken link thresholds are exceeded
Provide AI-powered redirect suggestions
Generate reports and analytics on broken link trends
Maintain and improve the functionality of the App
We do not use your data for advertising, profiling, or any purpose beyond delivering the App's core functionality.
3. Data Storage and Security
Your data is stored in a secure MySQL database. We implement appropriate technical measures to protect your information against unauthorised access, alteration, disclosure, or destruction. Access to the database is restricted and all connections are encrypted.
Session tokens provided by Shopify are stored securely and used solely to authenticate API requests on your behalf.
4. Data Retention
Broken link records: Retained while the app is installed. You can manually delete records at any time from the dashboard.
Redirect rules: Retained while the app is installed. Deletable on demand.
Session data: Removed within 48 hours of app uninstallation.
All shop data: Permanently deleted within 30 days of receiving a shop/redact webhook from Shopify following uninstallation.
5. Data Sharing
We do not sell, rent, or share your data with third parties, except:
Shopify: We interact with the Shopify Admin API on your behalf to create redirects and read store content. This is governed by Shopify's Privacy Policy.
OpenRouter / AI Providers: When using AI-powered redirect suggestions, broken URL path data (not visitor PII) is sent via OpenRouter's API to the selected AI model provider (e.g., Meta, Google, or Mistral) to generate suggestions. No personal data is shared. See OpenRouter's Privacy Policy.
Resend: Email alerts are delivered via Resend. Only your configured alert email address is shared. See Resend's Privacy Policy.
Legal compliance: We may disclose data if required by law or to protect our legal rights.
6. Shopify Compliance Webhooks
As required by Shopify, we handle the following mandatory compliance webhooks:
customers/data_request: We acknowledge customer data requests. 404 Shield does not store personally identifiable customer information.
customers/redact: We acknowledge customer redact requests. No customer PII is stored.
shop/redact: Upon receiving this webhook (sent 48 hours after app uninstallation), we permanently delete all data associated with your store within 30 days.
7. Your Rights (GDPR & CCPA)
Depending on your location, you may have the right to:
Access the personal data we hold about your store
Request correction or deletion of your data
Restrict or object to the processing of your data
Data portability
To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.
8. Cookies
The 404 Shield admin interface is an embedded Shopify app and uses Shopify's session cookies for authentication. Our storefront tracker script does not set any cookies on your visitors' browsers.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us: