Privacy Policy
Last Updated: February 2026
1. Introduction
GMCFix.com ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
By using GMCFix.com, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
Privacy First Approach
Your data is handled with the highest care. You can optionally connect your Google Merchant Center account for automated analysis, or provide screenshots manually. All data is used solely to generate your compliance report.
2. Information We Collect
2.1 Information You Provide
We collect information that you voluntarily provide when using our services:
- Account Information: Name, email address, and authentication provider data (Google, GitHub, or Apple)
- Company Information: Legal company name, registration number, VAT number, business address, phone number
- Website Information: Your e-commerce website URL, platform type, store model
- Business Details: Information about your business model, product sourcing, and inventory practices
- Google Merchant Center Data: Contact email, merchant ID, suspension type and date (entered manually or retrieved via optional OAuth connection)
- Screenshots: Images you upload from your Google Merchant Center account showing business information, account issues, and suspension details
- Payment Information: Processed securely by Stripe (we do not store your full credit card details)
2.2 Automatically Collected Information
When you access our services, we automatically collect:
- Usage Data: Pages visited, time spent, features used, and navigation patterns
- Device Information: Browser type, operating system, device type, screen resolution
- Log Data: IP address, access times, error logs, and performance metrics
- Cookies: Authentication tokens, session data, and preference settings
2.3 Website Analysis Data
To provide our services, we automatically analyze your publicly accessible website:
- Page content, structure, and metadata
- Product information and descriptions
- Contact information, policies, and legal pages
- Images, links, and technical implementation
- Site performance and accessibility metrics
2.4 Google Merchant Center Data (Optional OAuth Connection)
If you choose to connect your Google Merchant Center account, we access the following data using the Google Content API (scope: auth/content):
- Account information: business name, account ID, website URL
- Account issues and policy violations reported by Google
- Product status summary (total count, disapproved count)
- Data source/feed configuration and URLs
- Business address, phone number, customer service email
- Free listings and Shopping Ads program status
- Connected account links (e.g., Google Ads)
- Return policy configuration
This connection is entirely optional. You can always choose to enter details manually instead. You can disconnect at any time, and we will delete all retrieved GMC data from your submission upon request.
OAuth tokens are stored encrypted and used only to fetch your account data once. We do not maintain ongoing access to your account. You can revoke access at any time through your Google Account permissions.
3. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To analyze your website and Google Merchant Center situation and generate compliance reports
- AI Analysis: To process your data using our AI models (OpenAI GPT) for policy violation detection and recommendations
- Communication: To send you service updates, report notifications, and support responses
- Payment Processing: To process your one-time payment through Stripe
- Customer Support: To respond to your inquiries and provide technical assistance
- Service Improvement: To analyze usage patterns and improve our platform
- Legal Compliance: To comply with applicable laws and regulations
- Fraud Prevention: To detect and prevent fraudulent activities
4. Data Storage and Retention
4.1 Storage Infrastructure
Your data is stored securely using Google Cloud Platform (Firebase):
- Cloud Firestore: Structured data storage with encryption at rest
- Firebase Storage: Secure file storage for screenshots and reports
- Regional Storage: Data stored in US-Central region (Iowa, USA)
- Backups: Automated daily backups for data recovery
4.2 Retention Period
We retain your data for the following periods:
- Submission Data: 180 days (6 months) after report generation
- Account Data: Until you request account deletion
- Payment Records: 7 years (required by tax laws)
- Legal Hold: Longer retention if required by law
After 180 days, your submission data, including all screenshots and reports, is automatically deleted from our systems.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted using HTTPS/TLS 1.3
- Encryption at Rest: All stored data encrypted using AES-256
- Access Control: Role-based access with least privilege principle
- Firestore Security Rules: User data isolated and protected
- Authentication: OAuth 2.0 via trusted providers (Google, GitHub, Apple)
- Payment Security: PCI DSS compliant processing via Stripe
- Regular Audits: Security assessments and vulnerability scanning
- Monitoring: Real-time security monitoring and alerting
Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Data Sharing and Disclosure
6.1 Third-Party Services
We share data with the following service providers:
- Firebase/Google Cloud: Infrastructure and database hosting
- Stripe: Payment processing (they handle all payment card data)
- OpenAI: AI-powered analysis (anonymized data only)
- Authentication Providers: Google, GitHub, Apple (for sign-in)
- Google Content API: Used only when you connect your GMC account via OAuth. We read account data to generate your report. We do not write to or modify your GMC account.
6.2 Legal Requirements
We may disclose your information if required to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service
- Protect our rights, property, or safety
- Investigate fraud or security issues
6.3 Business Transfers
If GMCFix.com is acquired or merged, your data may be transferred to the new entity. You will be notified of any such change.
6.4 Google User Data — Prohibited Uses
In compliance with the Google API Services User Data Policy, we confirm that Google user data obtained through the Content API:
- Is not sold, transferred to advertising platforms, data brokers, or information resellers
- Is not used for serving ads, retargeting, personalized or interest-based advertising
- Is not used to determine credit-worthiness or for lending purposes
- Is used solely to provide the compliance analysis service you requested
- Is not shared with third parties except as described in this policy
7. Cookies and Tracking
We use cookies and similar technologies to:
- Authentication: Keep you signed in
- Preferences: Remember your language and settings
- Analytics: Understand how our service is used
- Security: Detect and prevent fraud
You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.
8. Your Rights and Choices
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete information
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Export: Download your data in a portable format
- Opt-Out: Unsubscribe from marketing communications
- Withdrawal: Withdraw consent for data processing
To exercise these rights, contact us at privacy@gmcfix.com.
9. International Data Transfers
GMCFix.com is based in the United States. If you access our services from outside the US, your data will be transferred to and processed in the United States.
We comply with applicable data protection laws, including GDPR for European users and CCPA for California residents.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email.
Your continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: privacy@gmcfix.com
Website: https://gmcfix.com/contact
Company: Online Mega Stores
Address: Pagorkowa 26, 83-331 Przyjazn, Pomorskie, Poland
VAT: PL9571022554
Response Time: We aim to respond within 48 hours
13. GDPR Rights (EU Residents)
If you are located in the European Union, the General Data Protection Regulation (GDPR) provides you with specific rights regarding your personal data.
13.1 Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contractual Necessity: To provide our compliance analysis services as requested
- Legitimate Interest: To improve our services, prevent fraud, and ensure security
- Consent: For analytics, marketing, and non-essential cookies (where applicable)
- Legal Obligation: To comply with financial and tax record-keeping requirements
13.2 Your GDPR Rights
Under GDPR, you have the following rights:
- Right to Information: Clear information about how we use your data
- Right of Access (Article 15): Request a copy of your personal data we hold
- Right to Rectification (Article 16): Correct inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your personal data
- Right to Restrict Processing (Article 18): Limit how we use your data
- Right to Data Portability (Article 20): Receive your data in a machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interest
- Rights Related to Automated Decision-making: Not to be subject to decisions based solely on automated processing
- Right to Withdraw Consent: Withdraw consent for processing at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
13.3 Data Controller Information
Data Controller: Online Mega Stores
Address: Pagorkowa 26, 83-331 Przyjazn, Pomorskie, Poland
VAT: PL9571022554
Contact: privacy@gmcfix.com
Response Time: Within 30 days (as required by GDPR)
Representative in EU: Contact us for current representative details
13.4 International Transfers
Your data may be transferred to and processed in the United States. We ensure adequate protection through:
- Google Cloud Platform's GDPR compliance and certification
- Standard Contractual Clauses (SCCs) with service providers
- Technical and organizational measures for data security
- Regular security assessments and audits
13.5 Cookies and Consent
We use Google Consent Mode v2 to manage your cookie preferences. You can:
- Accept or reject non-essential cookies when you first visit our site
- Change your preferences at any time through our cookie banner
- Manage cookies through your browser settings
- Clear existing cookies and reset your preferences
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: privacy@gmcfix.com
Subject: "GDPR Request - [Your Specific Request]"
Include: Your name, email address, and specific request details
We will respond within 30 days and may ask for identity verification to protect your privacy.
Notice for California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.
For CCPA-specific requests, please email: privacy@gmcfix.com with "CCPA Request" in the subject line.
Disclaimer: GMCFix.com is not affiliated with, endorsed by, or sponsored by Google LLC or Alphabet Inc. Google®, Google Merchant Center®, Google Shopping®, and related marks are trademarks of Google LLC. We are an independent service provider offering compliance analysis for e-commerce merchants.