Privacy Policy
Last updated: March 18, 2026
ShieldFlow ("we", "our", "us") is a Shopify application that provides AI-powered checkout fraud protection.
This Privacy Policy describes how we collect, use, and protect information when you install and use ShieldFlow.
1 Information We Collect
From Your Shopify Store
- Store information: Shop domain, plan type
- Checkout data: Email addresses, IP addresses, cart contents, and timestamps associated with checkout events
- Order data: Order IDs, order status, and cancellation information
Generated by ShieldFlow
- Device fingerprints: Anonymous browser fingerprints used to identify unique devices
- Fraud scores: Risk scores calculated by our AI detection engine
- Detection logs: Records of which fraud rules were triggered
2 How We Use Your Information
We use collected information solely for:
- Fraud detection: Analyzing checkout patterns to identify and block suspicious activity
- Protection logs: Displaying checkout events and verdicts in your ShieldFlow dashboard
- Analytics: Aggregating statistics about blocked threats and money saved
- Email notifications: Sending fraud alerts to your configured notification email
- Service improvement: Improving our fraud detection algorithms
3 Data Sharing
We do not sell, rent, or share your data with third parties, except:
- Shopify: We interact with Shopify's APIs to manage orders and subscriptions
- IP Geolocation: We query ip-api.com with customer IP addresses for country detection (no personally identifiable information is shared)
- Email platforms: If you enable Klaviyo/Mailchimp integration, we interact with those APIs to clean fake profiles
4 Data Retention
- Checkout events: Retained for 90 days, then automatically deleted
- Daily statistics: Retained for 1 year (aggregated, non-personal)
- Shop settings: Retained while the app is installed
- On uninstall: All shop data is deleted within 48 hours per Shopify's GDPR requirements
5 Data Security
- API keys are encrypted at rest using AES-256 encryption
- All data is transmitted over HTTPS
- We use Shopify's session token authentication
- Database access is restricted to authorized services only
6 GDPR Compliance
We comply with GDPR and Shopify's mandatory data protection requirements:
- Data access requests: We respond to customer data requests via Shopify's compliance webhooks
- Data deletion: We delete or anonymize customer data upon request via Shopify's redaction webhooks
- Data portability: Contact us to request an export of your data
7 Your Rights
You have the right to:
- Access the personal data we hold about your store's customers
- Request deletion of all data by uninstalling the app
- Configure what data is collected via ShieldFlow settings
- Opt out of email notifications at any time
8 Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the ShieldFlow dashboard.
9 Contact Us
For privacy-related questions or data requests: