Legal

Security

How we protect your data and your merchants' data — encryption, access controls, audit trails, incident response.

In review with legal counsel

We've drafted this document internally and it's currently with a qualified lawyer. We're deliberately not publishing unreviewed legalese — it creates real liability for us and doesn't protect you. The final version lands here as soon as review completes.

Meanwhile, the short version

We store what we need, nothing else. Shop data, merchant lifecycle events, and your team's audit trail. No cross-customer data sharing.
We don't send email ourselves. Your ESP does — we orchestrate. Your sender reputation stays yours.
GDPR + Shopify compliance is wired. Deletion webhooks, DSR access + erasure, per-shop encryption keys, configurable retention windows, INSERT-only audit log.
You own your data. Export any time from the compliance settings page. 30-day grace period after cancel, then hard delete.

← Back to home Email us a question