Skip to main content

Understanding Store Locator Data Usage & Scopes

Merchants, Compliance Teams, Developers, Privacy Teams

RP Promap Help Series

Store Locator Data Usage & Scopes

Understanding Store Locator Data Usage & Scopes

Last Updated: May 2026
Product: RP Promap / Store Locator
Audience: Merchants, Compliance Teams, Developers, Privacy Teams

Overview

The Store Locator app processes several categories of merchant, location, and customer interaction data in order to power locator functionality, analytics, imports, dealer submissions, and storefront integrations.

This article explains:

  • What data the Store Locator app collects

  • Why the data is processed

  • Where the data is stored

  • Which third-party services may process the data

  • Public API surfaces and integrations

  • Retention and access considerations

This document is intended to support operational transparency, internal reviews, and privacy/compliance assessments.

Regarding personal data (PII): Our Store Locator app does not collect or store end-user personal information such as names, email addresses, or phone numbers. The app only displays the merchant’s store list and does not require storefront visitors to log in or provide personal information.

Regarding location data:

  • If the merchant enables the “Find nearest store” feature, the app will ask the browser to request permission to access the visitor’s location. The browser always shows a confirmation popup, and the visitor can decline it.

  • If the visitor allows access, the coordinates are used to calculate the distance to the nearest stores via Google Maps API.

  • The coordinates may be recorded in an anonymized form, not linked to any specific account or individual, to generate heatmap analytics that help the merchant understand which areas visitors are searching from.

Google Maps: The app uses Google Maps API with each merchant’s own API key, so address/location processing is also subject to Google’s Privacy Policy.

In summary: the app does not process PII. Location data is only collected if the visitor gives permission, and it is stored anonymously for merchant analytics purposes.

Data Categories

1. Merchant Account & Tenancy Data

Examples of Data

  • Shop domain

  • Merchant email

  • Shop owner information

  • Store address

  • Country and timezone

  • Shopify access tokens

  • Plan and install status

Data Source

Collected through Shopify install and synchronization workflows.

Why It’s Used

This data allows the application to:

  • Authenticate merchant stores

  • Connect the app to Shopify

  • Manage billing and plan features

  • Support tenant-level configuration

  • Control publishing and installation state

Storage

Stored in:

  • shops

  • stores

Third-Party Processors

  • Shopify APIs

  • Brevo

  • Intercom

Retention Notes

  • Soft delete behavior exists for shop/store models

  • No automatic purge or TTL was identified

Access Scope

Available primarily through authenticated admin and API flows.

2. Store Location Master Data

Examples of Data

  • Store title and description

  • Address information

  • Latitude and longitude

  • Contact details

  • Operating hours

  • Tags and filters

  • Images and map markers

  • Share and priority settings

Data Source

Collected from:

  • Merchant admin UI

  • CSV imports

  • Dealer approval conversions

Why It’s Used

Used to:

  • Render locator maps and listings

  • Power location searches

  • Display business information

  • Generate storefront experiences

  • Provide directions and filtering

Storage

Stored in:

  • locations

Third-Party Processors

  • Google Maps Geocoding API

Retention Notes

  • Data is persistent until deleted

  • Single and bulk delete paths exist

Access Scope

  • Authenticated admin CRUD APIs

  • Public locator JSON endpoint for storefront delivery

3. Locator Configuration & UI Settings

Examples of Data

  • Google API keys

  • Radius and distance settings

  • Map style configuration

  • Feature toggles

  • Localization labels

  • Default map center

  • Display field settings

Why It’s Used

This configuration controls storefront behavior and map rendering.

Storage

Stored in:

  • settings

Third-Party Processors

  • Google Maps Platform APIs

Retention Notes

Long-lived configuration data with no explicit TTL identified.

Access Scope

Authenticated admin settings interfaces and APIs.

4. Customer Search History & Heatmap Data

Examples of Data

  • Country code

  • Search payloads

  • Dates and timestamps

  • Shop references

Why It’s Used

Used for:

  • Search analytics

  • Heatmaps

  • Geographic insight reporting

  • Dashboard reporting

Storage

Stored in:

  • customer_search_histories

Public Endpoint

POST /api/customer-search-history

Retention Notes

Date indexes exist, but no automatic purge scheduler was identified.

5. Engagement Metrics

Examples of Data

  • Click metrics

  • View metrics

  • Country codes

  • Interaction dates

Why It’s Used

Supports:

  • Dashboard analytics

  • Engagement reporting

  • Store performance analysis

Storage

Stored in:

  • metrics

  • Related tag metric tables

Public Endpoints

POST /api/metric POST /api/tag-metric-queue

Retention Notes

No explicit TTL or purge process identified.

6. Dealer & Stockist Submission Data

Examples of Data

  • Applicant information

  • Dealer/store details

  • Contact information

  • Submission status

  • Approval/rejection state

Why It’s Used

Supports:

  • Dealer application workflows

  • Approval moderation

  • Automatic location creation

  • Notification delivery

Storage

Stored in:

  • dealer_approvals

  • dealer_forms

  • submission_mail_queues

  • mail_queues

Public Endpoint

POST /api/dealer-approval

Third-Party Processors

  • Google Geocoding APIs

  • Email delivery services

Retention Notes

No automatic purge policy identified.

7. Import & Export Processing Data

Examples of Data

  • CSV upload paths

  • Import queue settings

  • Duplicate handling configuration

  • Import status flags

  • Exported location CSVs

Why It’s Used

Used for:

  • Bulk location imports

  • Queue processing

  • CSV exports

  • Migration workflows

Storage

Stored in:

  • file_upload_history

  • import_queues

  • Temporary storage paths

Third-Party Processors

  • Google Geocoding APIs

Retention Notes

Import history and queues persist unless manually removed.

8. API Key Diagnostics & Integration Checks

Examples of Data

  • API validation results

  • Integration diagnostics

  • Usage tracking

Why It’s Used

Supports:

  • Integration troubleshooting

  • API health checks

  • Usage monitoring

Storage

Stored in:

  • report_api_key

Access Scope

Authenticated settings and integration interfaces only.

9. Operational Telemetry & Error Monitoring

Examples of Data

  • Queue metadata

  • Runtime logs

  • Error tracking context

  • Alert payloads

Why It’s Used

Used for:

  • Reliability monitoring

  • Operational troubleshooting

  • Queue diagnostics

  • Alerting workflows

Third-Party Processors

  • Sentry

  • Slack webhooks

Retention Notes

Retention depends on infrastructure configuration.

Third-Party Services & Processors

The Store Locator platform may interact with the following external systems:

Google Maps Platform

Used for:

  • Geocoding

  • Maps rendering

  • Distance calculations

  • Autocomplete services

  • Geolocation services

Shopify APIs

Used for:

  • Merchant synchronization

  • Theme integration

  • Store metadata

  • Script and storefront operations

Brevo

Used for:

  • Merchant contact synchronization

  • CRM enrichment workflows

Intercom

Used for:

  • Merchant communication workflows

  • Contact tagging and enrichment

Email Delivery Providers

Depending on deployment configuration:

  • Mailgun

  • Amazon SES

  • SparkPost

  • SMTP providers

Slack Webhooks

Used optionally for:

  • Operational notifications

  • Logging alerts

  • Monitoring events

Security & Access Overview

The platform separates data access into:

  • Authenticated admin operations

  • Internal services

  • Public storefront APIs

Most sensitive operations require authenticated merchant or admin access.

Public endpoints are intentionally scoped for storefront integrations and analytics ingestion.

Retention Summary

The reviewed implementation indicates:

  • Persistent storage by default

  • Soft delete behavior in select models

  • Limited automated cleanup workflows

  • No global TTL or automatic purge policies identified in reviewed code

Organizations should review infrastructure-level retention settings separately.

Best Practices

To maintain operational and compliance readiness:

  • Regularly review stored dealer submissions

  • Rotate and monitor Google API keys

  • Restrict admin access appropriately

  • Audit public API usage periodically

  • Configure external logging retention policies

  • Review imported CSV datasets before upload

Additional Notes

This article reflects a code-level review of:

  • Models

  • Controllers

  • Services

  • Validators

  • Routes

  • Queue integrations

  • Import/export systems

It is intended as a technical and operational reference for merchants and implementation teams.

RP Promap Help Series

© Rose Perl Technology

Related Articles
Why are the stores not showing on my store locator page?
Why does the store locator display errors related to geocoding, such as "Unable to find address”?
RP Promap Store Locator – Import File Guide
How can I troubleshoot and resolve issues with the Store Locator feature?
How to resolve geocoding errors in the store locator feature?
Did this answer your question?