Seekmodo

Seekmodo for BigCommerce — Privacy & Data Handling

Effective: 2026-06-10

This page describes, in BigCommerce App Marketplace review-team shape, what the Seekmodo for BigCommerceapp reads, writes, and forwards between your BigCommerce store, the Seekmodo gateway, and downstream sub-processors. It is a narrow disclosure scoped to the BigCommerce surface; the broader Seekmodo privacy policy is at /legal/privacy and the data processing addendum is at /legal/dpa.

1. OAuth scopes the app requests at install

BigCommerce shows shoppers the list of scopes the app is requesting on the install screen. Seekmodo for BigCommerce requests:

  • store_v2_information_read_only — read the store's hash, name, locale, currency, and timezone so we can pair the install to the correct Seekmodo tenant.
  • store_v2_products (read + write) — read your full product catalog (including variants, custom fields, images, and brand_id) so we can build the search index, and write minor projections (vehicle-fitment custom fields) that the BC native UI surfaces.
  • store_v2_customers (read + write) — read customer IDs needed to scope a logged-in shopper's saved garage, and write the four seekmodo.garage.* customer attributes that persist the shopper's vehicle picks. We do not read PII fields (email, phone, address, order history).
  • store_v2_content (read + write) — install and update the small Script Manager beacon that emits click-through signals back to the gateway for relevance learning.
  • store_v2_orders_read_only — read order line items only if the merchant opts into the recommendations-from-purchase-history feature; default is off, and the feature can be revoked from the connector admin page at any time.
  • store_v2_themes — install the search and vehicle-context storefront snippets. The app never modifies theme files the merchant didn't explicitly approve via the admin UI.

Scopes we never request: payments, checkouts (read or write), customer-passwords, customer-addresses, settings, or any v3-only admin scopes. Removing the app uninstalls the Script Manager snippet and clears the stored OAuth token; the gateway-side projection of your catalog is deleted within 30 days of uninstall (see §6).

2. What we store about your store

  • Store identitybc_store_hash, domain, app-install timestamp, paired tenant_id.
  • Catalog projection — your products and their public metadata, indexed for search and vehicle-fitment lookups. Updates flow through the BigCommerce store/product/* webhooks; backfill via a paged scan of GET /v3/catalog/products.
  • Search and click telemetry — every storefront search query, its result IDs, click positions, and dwell buckets. Stored per-tenant and used for relevance learning on your tenant. Aggregated and tenant-stripped before contributing to any cross-tenant model (see /legal/privacy §7).
  • Operational logs — IP, user-agent, latency, and response code per request to the Seekmodo Worker, kept 30 days for abuse and debugging.

3. What we store about your shoppers

For shoppers who never log in to your store, Seekmodo stores only their search queries plus a short-lived session id (rotated every 24 hours, used to dedupe rapid bots). We do not place shopper-identifiable cookies on your storefront.

For shoppers who are logged in to your store and have built a vehicle garage, we store four customer attributes against their BigCommerce customer ID:

  • seekmodo.garage.active_vehicle_id — the currently-selected vehicle id (numeric).
  • seekmodo.garage.slot.1, .slot.2, .slot.3, .slot.4 — up to four saved year | make | model entries.

These attributes are visible to you in the BigCommerce admin UI under the customer's record. We do not store names, emails, addresses, payment information, or order history against any external identifier; the garage state is purely vehicle-fitment metadata.

4. What we don't store

  • No checkout, cart-content, or payment data ever flows to Seekmodo. We don't request thestore_v2_checkouts scope and the OAuth token we hold cannot read it.
  • No customer PII beyond the numeric customer id (used as the attribute key) and the four garage attributes listed in §3. We never read email, phone, address, or order history.
  • No price-list or B2B-pricing data. The catalog projection uses the default, public price. B2B tenants who need per-group pricing should keep the BC native experience for those line items.

5. Sub-processors

Catalog and telemetry data flow through these sub-processors on your behalf:

  • Cloudflare, Inc. — runs the BigCommerce Worker, the search edge cache, and the Tail Worker that ships structured logs to a Numinix-owned R2 bucket. All traffic from BC to Seekmodo terminates at Cloudflare in North America.
  • Numinix Software Solutions Ltd. — operates the Seekmodo gateway and its Postgres + Redis backing stores in a North American data centre. Backups are encrypted at rest with AES-256.
  • NHTSA vPIC (publicly-funded VIN decoder service) — VIN strings submitted via the optional shopper-side VIN-decode feature are sent to vpic.nhtsa.dot.gov to resolve to year/make/model. NHTSA does not receive any BigCommerce data alongside the VIN.

We do not send BigCommerce data to advertising networks, AI training providers, or third-party analytics platforms. The aggregate-cross-tenant relevance model described in /legal/privacy §7 runs entirely inside Numinix infrastructure.

6. Retention & uninstall

Uninstalling the app from your BigCommerce admin sends a store/app/uninstalled webhook to the Seekmodo Worker, which immediately:

  • Revokes the stored OAuth token (cannot be re-used).
  • Stops accepting new catalog or telemetry data from your store.
  • Schedules a 30-day soft-delete on your tenant's search index, telemetry, and configuration. During the soft-delete window the data is hidden from all reads but recoverable on request. After 30 days it is hard-deleted from primary stores; encrypted backups roll off within 90 days.

Customer attributes written under seekmodo.garage.* remain on your customer records after uninstall; you can delete them via the BC admin or via DELETE /v3/customers/attributes/values.

7. GDPR / CCPA shopper requests

If a shopper exercises a GDPR (EU/EEA) or CCPA (California) access or deletion right against your store, you can forward the request to [email protected] with the customer id, and we will action it against your tenant's telemetry and garage records within 30 days as required by both regulations. The Seekmodo data processing addendum (/legal/dpa) formalises Numinix's role as a processor of your BigCommerce data.

8. Security & compliance posture

  • All traffic between your store, the Seekmodo Worker, and the gateway is TLS 1.2+; weak ciphers are disabled.
  • OAuth tokens are encrypted at rest in the gateway and never logged.
  • The Worker is observable via per-invocation structured trace logs (R2-backed); operator access to those logs is two-factor and audit-logged.
  • Full security posture at /legal/security.

9. Contact

Data protection contact: [email protected]. Security disclosures: [email protected] (PGP key at /legal/security). Mailing address and DPO contact are on the Numinix corporate page (linked from /about).

10. Changes to this page

Material changes to BC scopes, sub-processors, or retention practices are posted here and emailed to merchants who have the app installed at least 14 days before they take effect. The BigCommerce listing's "Last updated" field is kept in lock-step with the EFFECTIVE date at the top of this page.