Terms of Service

Last updated: 1 May 2026

These Terms of Service ("Terms") govern your access to and use of the StorePulse Shopify application and related services (collectively, the "Service"), provided by Deepseatools ("we", "us", or "our"). By installing StorePulse from the Shopify App Store or otherwise using the Service, you ("Merchant" or "you") agree to these Terms.

Contents

Acceptance
Licence
Account & eligibility
Billing & subscriptions
Refunds
Acceptable use
AI features
Availability & modifications
Intellectual property
Disclaimer of warranties
Limitation of liability
Indemnification
Termination
Governing law
Data processing addendum
Contact

1. Acceptance

You accept these Terms when you install StorePulse on your Shopify store, click any "I agree" or equivalent button, or access or use the Service. If you do not agree, do not install or use the Service.

2. Licence

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable licence to access and use the Service for the purpose of monitoring your own Shopify store(s).

3. Account & eligibility

You must be at least 18 years old and capable of forming a binding contract under applicable law. You must have an active Shopify store to install StorePulse. You are responsible for keeping your Shopify account secure; we treat any actions taken via your authenticated Shopify session as authorised by you.

4. Billing & subscriptions

StorePulse offers Free, Starter, Pro, and Max plans. Paid subscriptions are billed through Shopify's subscription billing system and appear on your Shopify invoice.

Plan prices are listed on the Pricing page and inside the app.
Subscriptions renew automatically every 30 days until cancelled.
Plan upgrades are pro-rated and apply immediately.
Plan downgrades take effect at the next billing cycle.
AI credits refresh on the first day of each billing cycle and do not roll over.
The Free plan has no time limit and acts as the evaluation tier; paid plans do not include a time-limited free trial.

5. Refunds

All sales are final. We do not provide pro-rated refunds for partial billing periods, unused AI credits, or unused features within a billing period. If Shopify issues a refund as part of its standard billing dispute process, we will honour Shopify's decision.

Cancelled theme reviews do not consume credits, and cancelled subscriptions stop renewing immediately — you retain access until the end of the current billing period.

6. Acceptable use

You will not, and will not permit any third party to:

Use the Service in violation of any law, regulation, or third-party rights.
Reverse engineer, decompile, or attempt to extract source code from the Service.
Probe, scan, or test the vulnerability of any system or network without authorisation.
Submit false, misleading, or malicious data through the Service.
Use the Service to monitor stores or storefronts you do not own or control.
Resell, sublicence, or rebrand the Service without a separate written agreement.
Bypass or disable any rate limit, abuse-prevention, or security mechanism.

7. AI features

StorePulse uses Anthropic's Claude API to generate AI fix proposals, theme review findings, and similar suggestions. AI output is provided "as is":

AI suggestions are recommendations, not guaranteed correct fixes. Review them before applying to your live theme.
You remain responsible for testing changes before publishing.
We are not liable for losses arising from applying AI-generated code without verification.
AI credits, once consumed, are not refundable except where the AI feature failed entirely (e.g., a hard error returned by the API).

8. Availability & modifications

We strive for high availability but do not guarantee uninterrupted access. We may modify, suspend, or discontinue any part of the Service at any time, with reasonable notice for material changes that affect paid plans.

Cron-based features (uptime checks, scheduled scans, synthetic checkout monitor) are best-effort and may be delayed during platform incidents.

9. Intellectual property

The Service, including all software, design, text, graphics, and logos, is owned by Deepseatools and protected by intellectual property laws. These Terms grant you a usage licence only — they do not transfer any ownership rights.

You retain ownership of your storefront content. Telemetry data captured by the Service remains your data; we process it solely to operate the Service on your behalf.

10. Disclaimer of warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ACCURACY. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED.

11. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL DEEPSEATOOLS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR EXEMPLARY DAMAGES, INCLUDING LOST PROFITS, LOST DATA, OR LOSS OF GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY.

OUR TOTAL CUMULATIVE LIABILITY FOR ANY CLAIM ARISING OUT OF OR RELATING TO THE SERVICE WILL NOT EXCEED THE GREATER OF (A) THE AMOUNTS YOU PAID US IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM, OR (B) ONE HUNDRED US DOLLARS (USD $100).

12. Indemnification

You agree to indemnify and hold harmless Deepseatools, its affiliates, and personnel from any claim, loss, or expense (including reasonable legal fees) arising out of (a) your use of the Service in breach of these Terms, (b) your violation of any law or third-party right, or (c) your storefront content.

13. Termination

You may terminate at any time by uninstalling StorePulse from your Shopify Admin. Termination is effective immediately; data is purged within 48 hours per our Privacy Policy.

We may suspend or terminate your access for material breach of these Terms or for behaviour that endangers the Service or other users. Where practical, we will provide notice and an opportunity to cure.

14. Governing law & disputes

These Terms are governed by the laws of India, without regard to conflict-of-law principles. Any dispute arising out of or relating to these Terms or the Service will be subject to the exclusive jurisdiction of the courts located in India. Nothing in these Terms limits any rights granted to you by Shopify Inc. as the platform operator.

15. Data processing addendum

This section forms a Data Processing Addendum ("DPA") incorporated into these Terms. It applies whenever Deepseatools processes Personal Data on the Merchant's behalf in the course of operating the Service, and is intended to satisfy Article 28(3) of the EU General Data Protection Regulation (GDPR), Article 28 of the UK GDPR, and equivalent obligations under the California Consumer Privacy Act (CCPA/CPRA) where applicable. Capitalised terms not defined here have the meanings given in our Privacy Policy.

15.1 Roles

The Merchant is the Data Controller and Deepseatools is the Data Processor with respect to any Personal Data processed by the Service in connection with the Merchant's Shopify store. Deepseatools processes Personal Data only on documented instructions from the Merchant — those instructions are given by installing the Service, configuring its features, and accepting these Terms.

15.2 Subject matter, duration, nature, and purpose

Subject matter: storefront monitoring, error tracking, performance metrics, alerts, theme review, accessibility scanning, and AI-assisted fixes for the Merchant's Shopify store.
Duration: for as long as the Service is installed on the Merchant's store, plus the retention windows described in Section 15.6 below. Personal Data is purged on uninstall in line with the Privacy Policy.
Nature of processing: automated collection, storage, indexing, aggregation, alert evaluation, and (where the Merchant has enabled the relevant feature) submission of error context to Anthropic for AI fix generation.
Purpose: solely to operate, secure, and improve the features of the Service the Merchant has subscribed to.

15.3 Categories of data subjects and Personal Data

Data subjects: the Merchant's storefront visitors and the Merchant's own staff users of the Shopify Admin.
Categories of Personal Data: a non-identifying random session ID stored in the visitor's sessionStorage; technical telemetry (browser, operating system, viewport size, language, timezone, page URL, referrer); error messages, stack traces, and breadcrumbs; performance metrics (LCP, CLS, INP, FCP, TTFB); aggregated, non-PII order data from Shopify webhooks (order id, totals, currency, financial status, fulfilment status, timestamps); aggregated refund counts and totals; inventory level changes.
Excluded: the Service does not store customer-identifying fields from order webhooks (no name, email, phone, billing address, shipping address, IP address). The Service does not capture form-input values, payment fields, or free-text content from any storefront page.

15.4 Processor obligations

Deepseatools will:

process Personal Data only on the Merchant's documented instructions, including with regard to international transfers, unless required to do so by law (in which case Deepseatools will, where lawful, inform the Merchant);
ensure that personnel authorised to process Personal Data are bound by confidentiality obligations;
implement and maintain the technical and organisational measures described in Section 15.7;
assist the Merchant, taking into account the nature of processing and the information available, in fulfilling its obligations to respond to data-subject requests under the GDPR, the UK GDPR, the CCPA/CPRA, and equivalent laws — including by triggering deletion via the customers/redact, customers/data_request, and shop/redact webhooks Shopify sends;
assist the Merchant in ensuring compliance with its obligations regarding security of processing, breach notification, data protection impact assessments, and prior consultations under Articles 32 to 36 of the GDPR;
at the Merchant's choice, delete or return all Personal Data after the Service relationship ends — Deepseatools' default is to delete;
make available to the Merchant all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Merchant or another auditor mandated by the Merchant. Routine compliance is demonstrated through the Privacy Policy, this DPA, and Deepseatools' subprocessor list. Additional audit requests may be subject to reasonable notice and confidentiality obligations.

15.5 Sub-processors

The Merchant grants Deepseatools a general authorisation to engage sub-processors to perform specific processing activities on the Merchant's behalf. The current list of sub-processors is published in Section 5 of the Privacy Policy and includes the purpose and the categories of data each sub-processor accesses. Deepseatools imposes data-protection obligations on each sub-processor that are no less protective than those in this DPA. Deepseatools will provide reasonable notice (by updating the Privacy Policy) of any intended addition or replacement of a sub-processor, giving the Merchant the opportunity to object. If the Merchant reasonably objects on data-protection grounds, the Merchant may terminate the affected portion of the Service.

15.6 Retention and deletion

Personal Data captured by the Service is retained according to the Merchant's plan: 7 days (Free), 30 days (Starter), 90 days (Pro), or 180 days (Max). Data exceeding these windows is automatically purged daily by Deepseatools' retention worker. On uninstall, Deepseatools flags the merchant record and deletes Personal Data within 48 hours, except where retention is required by law. Customer-specific deletion requests received via Shopify's customers/redact webhook are honoured immediately.

15.7 Security measures

Deepseatools implements the following technical and organisational measures:

Encryption in transit: all data is transmitted over TLS 1.2 or above. The Service does not accept plaintext HTTP.
Encryption at rest: the operational database (Cloudflare D1) and key/value store (Cloudflare KV) encrypt data at rest using AES-256 with provider-managed keys.
Access control: production systems are accessible only to authorised Deepseatools personnel via authenticated, auditable interfaces. API keys and webhook signing secrets are stored as platform-managed secrets and are not exposed in logs or environment dumps.
Webhook authenticity: Shopify webhooks are verified by HMAC signature before processing. Idempotency keys prevent duplicate processing.
Tenant isolation: every database query is scoped by merchant_id; data from one merchant is never aggregated, benchmarked, or exposed to another merchant.
Logging and monitoring: the Service logs operational events (alert dispatches, queue processing, webhook receipts) and uses Cloudflare's platform-level abuse and rate-limiting protections.
Vendor management: sub-processors are selected and monitored against the criteria in Section 15.5.

15.8 International transfers

Some sub-processors process Personal Data outside the European Economic Area or the United Kingdom. Where this occurs, Deepseatools relies on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an equivalent adequacy mechanism with each affected sub-processor.

15.9 Personal data breach notification

Deepseatools will notify the Merchant without undue delay (and in any case within 72 hours of becoming aware) of any Personal Data breach affecting the Merchant's data, with sufficient information for the Merchant to meet its own notification obligations to supervisory authorities and data subjects.

15.10 Order of precedence

In the event of a conflict between this DPA and the rest of these Terms, this DPA prevails with respect to the processing of Personal Data. In the event of a conflict between this DPA and the Shopify Partner Program Agreement, the Shopify Partner Program Agreement prevails.

16. Contact

Questions about these Terms:

Email: support@deepseatools.in
Operator: Deepseatools (India)