Last updated: May 2026 · Applies to EU/EEA users (GDPR) and California users (CCPA)
Chris von Massow's SaaS Tools
Eschersheimer Landstraße 42 · 60322 Frankfurt am Main · Germany
contact@storecheckr.io
Free analysis (no account required)
DATA IP address
PURPOSE Rate limiting — max 4 free analyses per day
BASIS Art. 6(1)(f) GDPR — legitimate interest in preventing abuse
RETENTION 24 hours, automatically deleted
Purchase and account data
DATA Email address, billing country, plan type, purchase date
PURPOSE Contract performance: delivering access, sending reports, managing your subscription
BASIS Art. 6(1)(b) GDPR — performance of a contract
RETENTION Active subscription duration; billing records 10 years (§147 AO, German tax law)
Marketing communications
DATA Email address, plan type, country
PURPOSE New features, product updates, offers for existing customers
BASIS Art. 6(1)(a) GDPR — your consent (given at purchase)
RETENTION Until you unsubscribe
You may withdraw consent at any time via the unsubscribe link in any email.
Server and access logs
DATA IP address, request path, timestamp, HTTP status code
PURPOSE System stability, error diagnosis, security monitoring
BASIS Art. 6(1)(f) GDPR — legitimate interest in operational security
RETENTION Approximately 72 hours (Vercel platform default)
When you submit a store URL for analysis, the following processing occurs:
1. The URL is crawled by Firecrawl to extract publicly available page content (text, structure).
2. The extracted content is sent to Anthropic's API (Claude) for AI analysis.
3. The AI-generated result is temporarily cached in Upstash Redis (24 hours) for consistency.
What is not transmitted: No personal data belonging to the analyzed store's customers is sent to any processor. Only publicly accessible webpage content is processed.
AI training: Anthropic does not use data submitted via their API for model training, per their published API usage policy. You can verify this at anthropic.com/privacy.
BASIS Art. 6(1)(b) GDPR — performance of a contract
We use the following processors. All US-based processors are subject to Standard Contractual Clauses (SCCs) as issued by the European Commission, and we maintain or are in the process of establishing Data Processing Agreements (DPAs) with each.
| Processor | Purpose | Location | Transfer Basis |
|---|---|---|---|
| Vercel Inc. | Hosting, serverless functions, access logs | USA | EU SCCs / DPA |
| Stripe Inc. | Payment processing, invoicing | USA | EU SCCs / DPA |
| Resend Inc. | Transactional and marketing email delivery | USA | EU SCCs |
| Anthropic PBC | AI analysis of store content (URL + crawled text only) | USA | EU SCCs |
| Mendable.ai (Firecrawl) | Web crawling of submitted store URL | USA | EU SCCs |
| Upstash Inc. | Redis caching of rate limits, session data, analysis results | USA (EU region available) | EU SCCs |
Data transfers to the United States are carried out on the basis of Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, as applicable. No adequacy decision currently covers the USA in full; the SCCs provide appropriate safeguards for these transfers.
We use only technically necessary cookies. No advertising or analytics cookies are set by us.
Stripe cookies — Set during the checkout flow for payment security and fraud prevention. These are technically necessary for payment processing. Stripe's cookie policy applies: stripe.com/privacy.
localStorage — We use your browser's localStorage to remember your subscriber email between sessions, so you do not have to re-enter it. This is not a cookie and is stored only on your device. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in service usability.
No tracking pixels, analytics scripts, or advertising tools are deployed on this site.
Under the GDPR, you have the following rights, which you can exercise by contacting contact@storecheckr.io:
Access (Art. 15) — Request a copy of your personal data.
Rectification (Art. 16) — Correct inaccurate or incomplete data.
Erasure (Art. 17) — Request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
Restriction (Art. 18) — Request restriction of processing in certain circumstances.
Portability (Art. 20) — Receive your data in a structured, machine-readable format.
Objection (Art. 21) — Object to processing based on legitimate interests.
Withdraw consent (Art. 7(3)) — Withdraw consent for marketing at any time without affecting past processing.
You also have the right to lodge a complaint with your local supervisory authority. In Germany: Hessischer Beauftragter für Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, datenschutz.hessen.de.
California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact contact@storecheckr.io.
IP addresses (rate limiting): 24 hours
Server access logs: ~72 hours (Vercel)
Subscriber email + plan: duration of active subscription
Analysis result cache: 24 hours
Marketing contact data: until unsubscribe
Purchase / billing records: 10 years (§147 AO)
We may update this Privacy Policy periodically. We will notify subscribers of material changes by email before they take effect. The current version is always available at storecheckr.io/privacy.