What the MVP may collect
- Submitted public store domain.
- Generated demo score bucket and category summary.
- Email address only when a report or update intent form is submitted.
- Basic validation events such as audit start, audit complete, report intent, checkout start, report start, delivery success, and support-risk signals.
- UTM parameters, ad click IDs, landing page, and referrer values when present so paid validation can be measured without storing ad account credentials.
What is not collected
- No store admin credentials.
- No payment credentials.
- No customer records or private store data.
- No login-only pages and no bot-protection bypass attempts.
Local QA behavior
When this site runs locally, forms may save intent records in browser localStorage for QA because Netlify Forms is not available. Local QA data stays in that browser unless cleared.
Payment processor boundary
If paid report checkout is enabled, payment is handled by the approved payment provider. StoreSignal pages should not request card numbers, bank details, passwords, tax IDs, identity documents, or payout details.
Future live audits
If live crawling is added, the free audit should still limit pages, avoid expensive model calls, and store only the minimum evidence needed to deliver a self-serve report.