Privacy Policy
Privacy contact: [email protected]
1. Who this policy covers
This policy describes how UnFraudFilter ("we", "us", "the App") handles data when a Shopify merchant ("you", "the Merchant") installs and uses our app on a Shopify store. It also describes how we handle limited information about end customers ("Customers") whose orders the App scores.
We are not the system of record for any order. Shopify is. We are a sidecar service that reads order data the Merchant authorizes us to access, scores it for fraud risk, and writes back tags, notes, or cancellation instructions.
2. What data we receive
When a Merchant installs the App, they grant us a Shopify access token scoped to:
- read_orders: order data, payment results, addresses, line items
- write_orders: apply tags, notes, and cancel orders
- read_customers: customer creation date and aggregate purchase history
For every order placed on the Merchant's store after install, we receive a webhook from Shopify and pull the following from Shopify's GraphQL Admin API:
- Shopify order ID
- Order total and currency
- Customer email address
- Customer account creation date
- IP address used to place the order
- Country codes for billing and shipping addresses (not full addresses)
- Card BIN (first 6 digits — never the full PAN, never the CVV)
- AVS and CVV result codes from the payment processor
- Line item quantities and SKUs
We do not receive or store:
- Full credit card numbers
- CVV / security codes
- Customer postal addresses (only country codes)
- Customer names (we don't query them)
- Order notes the customer or merchant entered
3. What we do with it
For each order, we:
- Run a deterministic rule engine using the Merchant's chosen signal configuration.
- Compute a final fraud risk score (0–100) and a band (low / medium / high).
- If the Merchant has configured an automatic action (cancel, hold, or verify-by-email) for that band, we instruct Shopify to perform it.
- Persist the score, the signals that fired, the chosen action, and the order ID in our database for 90 days.
We do not sell, share, or transfer any Merchant or Customer data to third parties for marketing, advertising, or analytics purposes.
4. Where data is stored
The app and its database are hosted on cloud infrastructure located in the United States. All data in transit is TLS-encrypted. Data at rest is encrypted by the hosting provider.
5. How long we keep it
| Data | Retention |
|---|---|
| ScoreHistory rows (order ID, signals, score, action) | 90 days, then automatically deleted |
| Customer email and IP address (used for velocity scoring) | 90 days, automatically deleted with the ScoreHistory row |
| ShopConfig (your settings, thresholds, custom rules) | For the lifetime of your install + up to 48 hours after uninstall |
| Shopify session tokens | For the lifetime of your install; deleted immediately when the app/uninstalled webhook arrives |
6. Sub-processors
We use the following service providers to operate the App. Each handles a specific function and does not have access to data outside that function.
| Sub-processor | Function | Location |
|---|---|---|
| Shopify | Source of order/customer data; recipient of action instructions | Global |
| Cloud hosting provider | App and database hosting | United States |
We do not use any LLM provider, AI model API, or third-party analytics service in the core scoring pipeline. All scoring is performed by deterministic code we control.
If we ever add a sub-processor for any future feature, we will update this list at least 30 days before the change goes into effect.
7. What we deliberately don't track
The Shopify App Store dashboard lets app developers attach third-party tracking to their listing and install funnel. We have left every one of those fields blank:
- No Google Analytics. No Measurement ID, no API Secret. Listing page views and install conversions are not reported to Google.
- No Google remarketing. No conversion ID. Visitors to our App Store listing are not added to a Google ad audience.
- No Facebook Pixel. No Pixel ID, no Access Token. Visitors are not added to a Meta ad audience.
The same applies elsewhere in our product:
- This site (unfraudfilter.com) loads no analytics SDK, no tag manager, no session-replay or heatmap script.
- Inside the Shopify admin, the app itself does not collect usage telemetry for marketing or ad-targeting purposes.
Shopify permits all of the above and most apps in the App Store use at least one of them. We don't, because measuring you in order to remarket to you is inconsistent with selling a transparent, deterministic product.
8. Customer rights (GDPR / CCPA / similar)
Customers whose order data was processed by the App may exercise the following rights through the Merchant:
- Access: request a copy of any data we hold about them
- Deletion: request deletion of their data
- Portability: request the data in a portable format
Shopify provides standardized webhooks (customers/data_request and customers/redact) that the Merchant's customer-facing privacy flow can invoke. When these webhooks arrive, we honor them within Shopify's required timelines (30 days for access, 10 days for deletion).
Merchant uninstall: when a Merchant uninstalls the App, Shopify sends us a shop/redact webhook 48 hours later. At that point we delete all data associated with the Merchant's shop.
9. Security
- TLS 1.2+ for all data in transit
- Database encryption at rest
- HMAC verification on every Shopify webhook
- Access tokens stored encrypted in the database
- Production access limited to listed engineers; reviewed quarterly
- No data exported off the production environment except by the GDPR data-request flow
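As an added illustration (example code, not the App's own implementation) of two items on this page: the HMAC check above and the privacy webhooks in section 8. It assumes Shopify's X-Shopify-Hmac-Sha256 header carries a base64 HMAC-SHA256 over the raw request body keyed with the app secret, uses a placeholder secret, and stands in for the ScoreHistory table with a constructed in-memory list.

```python
import base64
import hashlib
import hmac
import json

# Placeholder secret for this example; a real deployment loads the app's
# API secret from configuration, never from source.
APP_SECRET = b"example-app-secret-placeholder"

# Constructed stand-in for the ScoreHistory table: one row per scored order.
SCORE_HISTORY = [
    {"shop": "demo.myshopify.com", "order_id": 1001, "email": "a@example.com", "ip": "203.0.113.5", "score": 12},
    {"shop": "demo.myshopify.com", "order_id": 1002, "email": "b@example.com", "ip": "203.0.113.9", "score": 87},
    {"shop": "other.myshopify.com", "order_id": 2001, "email": "a@example.com", "ip": "198.51.100.7", "score": 40},
]

def shopify_hmac(raw_body: bytes, secret: bytes = APP_SECRET) -> str:
    """Base64 HMAC-SHA256 over the raw body, the form sent in X-Shopify-Hmac-Sha256."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()

def verify_webhook(raw_body: bytes, header_value: str, secret: bytes = APP_SECRET) -> bool:
    """Constant-time comparison; raw_body must be the unparsed bytes Shopify sent."""
    return hmac.compare_digest(shopify_hmac(raw_body, secret), header_value)

def handle_privacy_webhook(topic: str, raw_body: bytes, header_value: str, rows=SCORE_HISTORY):
    """Route the three mandatory privacy topics. Returns (outcome, affected rows)."""
    if not verify_webhook(raw_body, header_value):
        return "rejected", []  # unauthenticated request: touch nothing
    payload = json.loads(raw_body)
    shop = payload["shop_domain"]
    if topic == "shop/redact":
        hit = [r for r in rows if r["shop"] == shop]  # everything for this shop
    elif topic in ("customers/redact", "customers/data_request"):
        key = "orders_to_redact" if topic == "customers/redact" else "orders_requested"
        wanted = set(payload.get(key, []))
        email = payload.get("customer", {}).get("email")
        # Match on the order IDs Shopify lists, plus the email used for velocity scoring
        hit = [r for r in rows if r["shop"] == shop and (r["order_id"] in wanted or r["email"] == email)]
    else:
        return "ignored", []
    if topic == "customers/data_request":
        return topic, hit  # caller packages these for the Merchant; no deletion
    rows[:] = [r for r in rows if r not in hit]  # redact in place; other shops untouched
    return topic, hit
```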
We have not undergone a SOC 2 audit at this time. If our business reaches a scale where one is required, we will pursue it.
10. International transfers
The app and database are hosted in the United States. Order data is processed there regardless of where the Customer placed the order. Merchants operating in jurisdictions with cross-border data transfer rules (EU, UK, and others) are responsible for disclosing this transfer in their own customer-facing privacy notice and ensuring their use of the App complies with those local rules.
11. Changes to this policy
We will notify Merchants in writing (via the contact email associated with their Shopify account, and via a public changelog on this site) at least 30 days before any material change to this policy.
12. Contact
Privacy questions, data requests, or complaints: [email protected]
For Shopify-mediated requests, use the Shopify privacy webhooks documented at shopify.dev/docs/apps/build/privacy-law-compliance.