Last updated: June 8, 2026
LeakXP ("we", "the app") is a conversion-audit app for Shopify stores, operated by Xplorence. This policy explains what data the app accesses, why, and how we protect it.
To do its job, LeakXP accesses the following from the merchant's Shopify store through Shopify's APIs:
We practice data minimization. When LeakXP reads orders, it uses only order totals to compute aggregate revenue. We do not collect or store customer names, email addresses, phone numbers, shipping addresses, or individual order details. We do not use customer personal data for marketing, profiling, automated decision-making, and we never sell any data.
We store the merchant's store domain and contact email (for alerts), scan results (which contain no customer personal data), the merchant's chosen settings, and aggregate revenue figures. Data is retained while the app is installed and deleted on request or on uninstall via Shopify's data-deletion (shop redaction) webhooks.
Data is encrypted in transit (TLS/SSL) and at rest. Access is limited to the app's own systems. We use the minimum Shopify permissions required for the features above.
We use trusted infrastructure providers to run the app: hosting (Render), database (Neon), transactional email (Resend), Google PageSpeed Insights (speed measurement), and Anthropic (AI text generation for action plans and product-content suggestions). Only the data needed for each function is shared, and never customer personal data beyond aggregates.
Reading order data is optional and off by default — the merchant enables it in Settings and can switch back to entering numbers manually or using defaults at any time. Uninstalling the app stops all data access and triggers deletion of stored data.
Questions about this policy or your data? Email alerts@xplorence.com.