Draft: have counsel/security review before public launch.
CompetitorLens operates in read-only advisory mode. It never writes to your store, never reprices, and never sends campaigns or emails on your behalf.
We request the minimum Shopify scopes (read_products by default; read_orders/read_inventory only if you enable performance linking). No write scopes are requested. Access tokens are stored encrypted, never in plain text.
Your private store data is account-scoped. Public competitor data may be shared infrastructure (we monitor a public storefront once and reuse it), but your private data and interpretations are never visible to another account.
Every recommendation links to the source snapshot it came from, with a captured timestamp and content hash, so claims are auditable.
Any action with a side effect is gated behind explicit human approval. The system does not act autonomously on your store.
Report security issues to security@competitorlens.net (placeholder). Please allow time for triage during beta.
This is beta software. Formal audits, penetration testing, SLAs and certifications are not yet in place. Do not rely on it for critical security guarantees during beta.