Privacy Policy

Last updated: March 10, 2026

TrueBeacon ("we", "us", "our") is a profit analytics application for Shopify merchants. This privacy policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

When you install TrueBeacon, we access the following data from your Shopify store:

  • Order data — order totals, line items, refunds, and timestamps for revenue and profit calculations.
  • Product data — product names, variants, images, and inventory cost (cost_per_item) for COGS tracking.
  • Customer data — customer count and first-order dates for new vs. returning metrics, cohort analysis, and lifetime value calculations. We do not collect names, emails, or addresses for analytics purposes.
  • Store metadata — shop name, currency, timezone, and Shopify plan for app configuration.
  • Ad platform tokens — if you connect ad platforms (Meta, Google, Snapchat, AppLovin, TikTok), we store encrypted OAuth tokens to fetch ad spend data on your behalf.
  • Cost configuration — COGS overrides, shipping costs, variable costs, fixed costs, and transaction fee settings you enter in the app.

2. How We Use Your Data

Your data is used exclusively to provide profit analytics:

  • Calculate revenue, costs, and profit (P&L reporting with CM1, CM2, CM3 contribution margin tiers).
  • Generate lifetime value (LTV) analytics by product, variant, and month.
  • Build customer cohort retention heatmaps.
  • Calculate customer acquisition cost (CAC) and new customer ROAS.
  • Display customizable KPI dashboards.
  • Fetch ad spend from connected advertising platforms.

We do not sell, share, or use your data for advertising, profiling, or any purpose other than delivering the TrueBeacon service to you.

3. Data Storage & Security

  • Database — Your data is stored in Supabase (PostgreSQL) with row-level security.
  • Encryption at rest — All sensitive financial data and API tokens are encrypted with AES-256-GCM before storage.
  • Encryption in transit — All connections use TLS 1.2+.
  • Hosting — The application is hosted on Vercel with automatic DDoS protection and edge security.
  • Access control — Shopify session token authentication in embedded mode; secure cookie-based authentication in standalone mode. All API endpoints are scoped to the authenticated shop.

4. Third-Party Services

We use the following third-party services to operate TrueBeacon:

  • Supabase — database hosting and authentication infrastructure.
  • Vercel — application hosting and edge network.
  • Sentry — error monitoring (no PII is sent; errors contain only technical context).
  • Resend — transactional email delivery (onboarding, alerts).
  • Ad platforms (Meta, Google Ads, Snapchat, AppLovin, TikTok) — we connect to these on your behalf to fetch ad spend data. We only read data; we never modify your ad campaigns.

5. MCP Server & AI Assistant Access

TrueBeacon offers an optional MCP (Model Context Protocol) server that allows compatible AI assistants (Claude, Cursor, Windsurf) to query your profit data. Key privacy details:

  • Access requires an API key that you generate in the Settings page.
  • The API key is scoped to your shop only.
  • Data is served directly from your TrueBeacon account — it does not pass through any third-party AI service on our side.
  • You can revoke API keys at any time from Settings.

6. GDPR Compliance & Your Rights

If you are in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right to access — Request a copy of all data we store about your shop and customers.
  • Right to erasure — Request deletion of your data. We handle Shopify's mandatory customers/redact and shop/redact webhooks automatically.
  • Right to data portability — Export your P&L data, cost settings, and analytics via the Export feature in the app (CSV and PDF).
  • Right to rectification — Update or correct your cost data at any time via the Cost Editor.

To exercise any of these rights, email us at support@truebeacon.ai.

7. Data Retention

  • Active accounts — Your data is retained as long as the app is installed and your subscription is active.
  • After uninstall — When you uninstall TrueBeacon, Shopify sends an app/uninstalled webhook. We retain your data for a 48-hour grace period (in case of accidental uninstall), after which Shopify triggers a shop/redact webhook and we permanently delete all shop data.
  • Customer data requests — When a customer requests data deletion through your Shopify store, we redact their personal identifiers from our records while preserving anonymized financial aggregates.

8. Cookies

When used in standalone mode (outside the Shopify admin), TrueBeacon uses a secure, HTTP-only session cookie for authentication. We do not use tracking cookies, advertising cookies, or any third-party cookie-based analytics.

9. Children's Privacy

TrueBeacon is a business tool for Shopify merchants. We do not knowingly collect data from anyone under the age of 16.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to the address associated with your account. Continued use of the app after changes constitutes acceptance of the updated policy.

11. Contact

For questions about this privacy policy or your data, contact us at: support@truebeacon.ai