Security & Privacy Guarantee
How we protect your data
Read-Only Access Only
We request the minimum permissions needed.
Your Shopify API token: read_orders, read_analytics only.
We CANNOT modify your store, create orders, or change anything.
Free Scan — Zero Storage
When you run a Free Scan:
→ Your credentials are sent over HTTPS
→ Processed entirely in server memory (RAM)
→ Report generated and returned to you
→ All credentials deleted immediately
→ Nothing written to database
→ Nothing logged
Encrypted Storage (Paid Accounts)
For monthly subscribers who save connections:
→ AES-256-CBC encryption for all API tokens
→ Encryption key separate from database
→ Tokens never appear in logs
Infrastructure Security
→ Database: Neon PostgreSQL, EU Frankfurt (ISO 27001)
→ Hosting: Vercel (SOC 2 Type II certified)
→ All traffic: TLS 1.3 encrypted
→ No third-party analytics or tracking scripts
We Will Never:
❌ Sell your data
❌ Use your data for advertising
❌ Share your revenue data with competitors
❌ Modify anything in your Shopify store or ad accounts
Questions about security? team@calyxra.com