FAQs

To offer our new Image Monitoring feature, StoreLock requires additional access to your store's content and assets. Specifically, we need permission to read your product images, collection images, and related metadata so we can perform reverse image searches and detect unauthorized use across the web.

These updated permissions allow StoreLock to:

• Access your product and collection images - So you can select which images to monitor for unauthorized use
• Read product and collection metadata - To provide context and properly identify your images in infringement reports
• Store image fingerprints - To efficiently track your images across multiple scans without repeatedly downloading them
  ‍

Your privacy and security remain our top priority. StoreLock only accesses the specific data needed to protect your content. We never modify your products, collections, or store settings. We don't share your data with third parties except for the reverse image search service (Google Cloud Vision AI), which operates under strict confidentiality agreements.

If you have questions about these permissions or our data handling practices, please email us at hello@storelock.app.

StoreLock collects only the data necessary to provide copy protection and monitoring services for your store. Here's what we collect and why:

‍Data We Collect:

• Store domain and metadata - To identify your store and enable copy detection
• Copy incident data - When someone attempts to copy your content, we log the domain, timestamp, and type of copy attempt to alert you
• Product and collection images - For Image Monitoring, we access images you choose to monitor and create digital fingerprints for reverse image searches
• Alert email addresses - Email addresses you add to receive incident notifications
• App usage data - Basic analytics about how you use the app to improve our service
  ‍

Data We Do NOT Collect:

• Customer personal information or purchase data
• Payment or financial information
• Store passwords or authentication credentials
  ‍

How We Use Your Data: Your data is used solely to provide StoreLock's protection services. For Image Monitoring, we share selected images with Google Cloud Vision AI to perform reverse image searches, but this is done under strict confidentiality agreements. We never sell your data to third parties or use it for advertising purposes.

Data Retention: If you uninstall StoreLock, your configuration data and incident history will be deleted within 30 days. For more information about our privacy practices, please contact us at hello@storelock.app.

There are several ways to verify that StoreLock is protecting your store:

1. Check the App Embed Status:

Open the StoreLock app from your Shopify admin. At the top of the main settings page, you should see a banner indicating that "StoreLock is enabled on your store." If you see a warning banner instead, click the 'Enable StoreLock' button to activate protection.

2. Test Copy Protection (Incognito Mode):

Open your store in an incognito/private browser window (important: you must not be logged in to Shopify). Try to right-click on an image or select text on your product pages. If StoreLock is working, these actions should be blocked. You can also try keyboard shortcuts like Ctrl+C or Cmd+C to verify they're disabled.

3. Monitor Incident Reports:

If someone attempts to copy your store or if Image Monitoring finds your images elsewhere, you'll receive incident reports in the app dashboard and via email (if alert emails are configured). Check the 'Detections' section to see any detected attempts.

4. Verify Browser Compatibility:

StoreLock works on all modern browsers (Chrome, Firefox, Safari, Edge) and requires JavaScript to be enabled. If visitors have JavaScript disabled, the copy protection will not work for those users.

If you've verified all of these and still have concerns about whether StoreLock is working, please contact us a hello@storelock.app and we'll help diagnose any issues.

StoreLock's copy protection works on all modern web browsers and devices, including:

Supported Browsers:

• Google Chrome (desktop and mobile)
• Mozilla Firefox (desktop and mobile)
• Safari (desktop and mobile)
• Microsoft Edge
• Opera
• Brave

Supported Devices:

• Desktop computers (Windows, Mac, Linux)
• Mobile phones (iOS and Android)
• Tablets (iPad, Android tablets)

Requirements:

StoreLock requires JavaScript to be enabled in the visitor's browser to provide copy protection. Most users have JavaScript enabled by default, but if a visitor has disabled JavaScript or uses a text-only browser, the copy protection will not be active for that session.

Known Limitations:‍

StoreLock focuses on preventing casual copying by typical visitors. However, it cannot prevent determined users from using specialized tools like browser developer tools, screenshot software, or source code inspection. The app provides a strong deterrent against opportunistic copying while monitoring for more sophisticated theft attempts through the Fraudulent Store Detection and Image Monitoring features.

To add a team member to the alert email that is sent out when a copy incident is detect, simply navigate to the main settings page.

Find the 'Add Alert Emails' section, then click the 'Add Alert Email' at the top-right corner of the section. Enter the new email in the popup and click the 'Save' button.

If you're not receiving alert emails when copy incidents are detected, here are some common reasons and solutions:

1. Check your spam/junk folder: Alert emails from StoreLock may be filtered as spam by your email provider. Check your spam folder and mark StoreLock emails as "not spam" to ensure future emails reach your inbox.
2. Verify your email address: Make sure the email address you added to the alert emails list is correct and doesn't have any typos. You can check and update this in the main settings page under the 'Add Alert Emails' section.
3. No incidents detected yet: Alert emails are only sent when StoreLock detects a copy incident. If no incidents have been detected, you won't receive any emails. You can view past incidents in the 'Detections' section of the app.
4. Email provider blocking: Some corporate or institutional email providers have strict security filters that may block automated emails. Contact your IT department to whitelist emails from StoreLock (hello@ and legal@storelock.app).
   ‍

If you've checked all of these and still aren't receiving emails, please contact us at hello@storelock.app with your email address and we'll help troubleshoot the issue.

The message sent by StoreLock uses a legal template from Georgetown Law School containing the necessary information to begin the Digital Millenium Copyright Act (DMCA) takedown process.

If you would like to edit or add to this message, you may do so by typing in the box that is displayed when clicking the 'Send Takedown Request' button from the StoreLock app.

StoreLock provides strong protection against most normal attempts to copy from your site, but it's important to understand both what it can and cannot prevent:

What StoreLock CAN Prevent:

• Right-click context menus on images and text
• Text selection and highlighting
• Common keyboard shortcuts (Ctrl+C, Ctrl+A, etc.)
• Drag-and-drop of images
• Most casual copying attempts by typical visitors
  ‍

What StoreLock CANNOT Prevent:

• Screenshots: Visitors can take screenshots of your site using their device's screenshot tools
• Browser Developer Tools: Technical users can inspect page source code to access image URLs and text
• JavaScript Disabled: If a visitor disables JavaScript in their browser, StoreLock's protections won't load (though this is rare—most sites require JavaScript to function)
• Automated Scraping: Sophisticated bots can copy your entire site structure and content
  ‍

How StoreLock Compensates:

Because no copy protection is foolproof, StoreLock focuses on detection and response. The Fraudulent Store Detection feature monitors for automated site copying and full store clones, while Image Monitoring tracks your images across the web. When sophisticated copying is detected, StoreLock alerts you immediately and provides tools to send DMCA takedown notices.

Think of StoreLock as a multi-layer security system: it prevents casual theft, detects serious infringement, and gives you the tools to take action. We continuously monitor browser changes and update our protection methods to stay ahead of new copying techniques.

Sophisticated hackers can set up automated scripts to copy your entire website to show under a new domain relatively easily. In the event that a hacker does this, they will also copy StoreLock. It will prevent the site from being viewed on this new fake domain and alert you as soon as it is detected.

Additional routing domains are only used by Shopify stores built using Hydrogen, Shopify's headless commerce platform. If your Shopify store is built using this, and uses a routing domain in your Shopify settings, you must add it here. Additional authorized domains can also be used to allow speed or accessibility testing tools to bypass StoreLock's protections.

Image Monitoring is a premium StoreLock feature that searches the internet for unauthorized use of your product and collection images. Using reverse image search technology, it finds websites that have copied your images, whether they're selling counterfeits or using your photography without permission, and gives you the tools to take action.

The system uses Google Cloud Vision AI to perform reverse image searches across the web. It identifies both exact copies and visually similar versions of your images, even if they've been cropped, resized, or slightly modified. When matches are found, they're grouped by domain and analyzed to determine if the use is commercial (someone selling products).

When you first use Image Monitoring, you receive 25 free scans to try the feature at no additional cost. These free trial scans are automatically applied to your monitoring jobs, allowing you to test the service before incurring any usage charges.

For example, if you set up a monitoring job for 10 images to scan weekly (40 total scans per month), your first 25 scans will be free, and you'll only be charged $0.20 per scan for the remaining 15 scans ($3.00).

You can track your remaining free trial scans in the Image Monitoring dashboard. Once your free scans are used up, standard usage charges ($0.20 per scan) will apply to all future scans.

No. You choose exactly which images to monitor through a visual gallery interface. This lets you prioritize your most valuable or most-copied images while controlling costs. You can add or remove images from monitoring at any time.

You choose the scanning frequency for your monitored images: one-time, daily, weekly, or monthly. This gives you control over both coverage and cost—scan high-risk images more frequently and lower-priority images less often.

‍

You'll receive an incident report in your StoreLock dashboard. Each incident includes:

• The domain where your image was found
• WHOIS information (registrar, creation date, abuse contact)
• Evidence URLs for the page and the image itself
• Whether it's an exact or partial match
• Whether the use appears to be commercial (selling products) or other unauthorized use

Multiple image violations on the same domain are grouped together so you're not overwhelmed with separate alerts.

You can report abuse to the domain registrar and/or host from the 'Detections' page. Simply click to view an incident's details, then draft and send DMCA takedown notices directly from StoreLock's interface, just like you do for full site copy alerts. The notice is pre-populated with all the violation details—evidence URLs, image matches, and domain information—so you can review, customize if needed, and send it to the appropriate abuse contact.

After you send a DMCA takedown notice through StoreLock, the process typically follows these steps:

1. Initial Contact (1-3 days):

Your takedown notice is sent to the domain registrar's abuse contact email. Most registrars will acknowledge receipt within 1-3 business days, though some may not send a confirmation.

2. Investigation Period (3-10 days):

The registrar or hosting provider will investigate your claim and may contact the site owner to request they remove the infringing content. Under the DMCA, service providers are required to respond to valid takedown notices in a timely manner.

‍3. Resolution (varies):

If your claim is valid and properly submitted, the infringing content should be removed or the entire site may be taken down. However, response times vary significantly—some sites are removed within days, while others may take weeks. Unresponsive registrars or sites hosted in certain countries may not comply at all.

What StoreLock Does: StoreLock helps you draft and send the initial DMCA notice with all necessary legal information and evidence. However, StoreLock cannot guarantee that registrars will respond or comply, as this is outside our control.

What You Can Do:

• If you don't receive a response within 10 business days, you can send a follow-up notice
• For persistent infringers or non-responsive registrars, you may need to consult with an intellectual property attorney
• Keep records of all takedown notices sent and any responses received
• Consider sending notices to the site's hosting provider in addition to the domain registrar

If you have questions about the DMCA process or need assistance with a specific case, contact us at hello@storelock.app.

You can ignore specific domains (like authorized retailers or review sites) so they won't appear in future detections for any of your images. You can also ignore specific images entirely if you decide you don't want to track them anymore. All ignored items are managed in a dedicated tab where you can review and restore them if needed.

Fraudulent Store Detection monitors for websites that clone your entire store—copying your layout, product descriptions, and branding. Image Monitoring is more targeted: it tracks specific images across the entire web, regardless of whether the site looks anything like yours. Someone could steal one product photo for their own unrelated store, and Image Monitoring would catch it. The two features used together provides more comprehensive protection.

No tool can guarantee 100% coverage. Image Monitoring searches broadly using Google's Vision AI, but some uses may not be indexed or may be modified enough to evade detection. It's a powerful early warning system that catches most infringement, but it's not omniscient. Heavily altered images, images on sites that block crawlers, or very new sites may not appear immediately.

StoreLock Premium costs $4.99 per month and includes all protection features:

• Copy Protection - Prevents right-click, text selection, and keyboard shortcuts on your storefront
• Fraudulent Store Detection - Monitors for websites that clone your entire store
• DMCA Takedown Tools - Send legal takedown notices directly from the app
• Alert Emails - Get notified when incidents are detected
• Image Monitoring - Track your images across the web (usage-based charges apply)

Image Monitoring has additional usage-based charges of $0.20 per image scanned, with a $20 monthly spending cap by default to keep costs predictable.

You can manage your StoreLock subscription directly through your Shopify admin. To cancel or modify your subscription:

1. Open the StoreLock app from your Shopify admin
2. Click the menu icon (⋯) in the top right corner of the app
3. Select "Manage App"
4. From there, you can view your current subscription, adjust your Image Monitoring spending limit, or uninstall the app

If you uninstall StoreLock, your subscription will be canceled and you will no longer be charged. Your protection features will stop working immediately, and any active Image Monitoring jobs will be canceled. If you have any questions about billing or need help, please contact us at hello@storelock.app.

Domain squatting (also called cybersquatting or typosquatting) is when someone registers a domain name that looks similar to your store's domain in order to impersonate your brand, deceive your customers, or profit from your reputation. Examples include swapping letters (mystr0e.com), adding words (mystoreoutlet.com), or using a different extension (mystore.net when you own mystore.com).

StoreLock checks hundreds of variations of your store's domain across more than 15 detection techniques, including:

• Different domain extensions (.net, .shop, .store, .co, .org, and dozens more)
• Common prefixes and suffixes (my-, get-, -outlet, -official, -deals, etc.)
• Typos like transposed letters, doubled characters, or missing characters
• Keyboard-adjacent substitutions (letters near yours on a QWERTY keyboard)
• Lookalike characters (replacing "o" with "0", "l" with "1", etc.)
• Phonetic equivalents (replacing "ck" with "k", "ph" with "f", etc.)
• Unicode homoglyphs — characters from other alphabets that look identical to Latin letters

‍

StoreLock runs an automated scan for your store every night at 2:00 AM Eastern Time. You can also trigger a manual scan at any time from your StoreLock dashboard. Manual scans are limited to once per day and reset at midnight ET.

StoreLock scans your store's primary custom domain and any additional custom domains you've added in the Routing Domains section. Shopify's built-in .myshopify.com domain is never scanned, nor are system domains like Google Translate or Archive.org.

Findings are first reviewed by the StoreLock team to confirm they represent a real threat. Once approved, the domain is added to your Fraudulent Stores list and you receive an alert email. From there, you can send a takedown notice to the registrar or hosting provider directly from your StoreLock dashboard.

Automated DNS scans can produce false positives — legitimate sites that happen to have a similar domain name. Our review step filters these out so you only receive alerts about genuine impersonation threats, reducing noise and wasted time.

A typical scan checks several hundred domain variants and usually completes within a few minutes. You can watch live progress in the StoreLock dashboard while it runs.

No. Once a domain has been reviewed and marked as approved or rejected, it will not generate a new alert on future scans. If a domain is still pending review, its detection date will be updated but it will not be counted again.

Yes — domain squatter detection is included on all StoreLock subscription plans at no extra charge.

Once StoreLock adds the domain to your Fraudulent Stores list, you can send an automated abuse report to the domain's registrar and/or hosting provider directly from the Past Incidents page. StoreLock also submits confirmed cases to CleanDNS, an industry anti-abuse network, to accelerate takedown.

You can contact StoreLock support by emailing us at hello@storelock.app or using the contact form on our website..