FlowPort

High-volume Shopify operations

Public support, privacy, terms, and review resources for merchants and Shopify reviewers.

Privacy Policy

How FlowPort handles merchant and customer data.

This policy is written for Shopify app review and merchant due diligence. It describes the data categories used by the current FlowPort deployment and the controls around retention, artifacts, and deletion requests.

Privacy posture

Explain data use, storage boundaries, and compliance handling in plain language instead of legal fog.

Privacy pages for a Shopify app need to do real work: tell merchants what data is used, why it is used, where it is stored, and how redaction or access requests are handled.

Data purpose

Import, export, validation, artifact delivery

Artifact retention

7 days on the hosted stack

Privacy contact

dhookster@gmail.com

Purpose limitation

Installed-store data is used only for merchant-requested workflows supported by the app.

Compliance handling

Shopify compliance webhooks are verified and logged with minimal audit metadata.

Protected data posture

Customer and order access events are recorded to support review and incident response.

Data Use

Purpose limitation

FlowPort uses Shopify data only to power import, export, validation, queue coordination, and artifact delivery for the merchant that installs the app.

We process merchant configuration, job metadata, and the data needed to create import or export artifacts. We do not sell merchant or customer data and we do not use installed-store data for unrelated advertising or profiling.

Customer data is accessed only to perform the merchant-requested workflows supported by the app, such as customer imports, customer exports, and the validation reports attached to those jobs.

Storage

Where data is stored

The current production deployment uses managed AWS services.

PostgreSQL stores job state and Shopify installation records
S3-compatible object storage stores generated artifacts
Signed download links expire automatically
Artifact retention is currently set to 7 days on the hosted stack

Compliance

Deletion and data request handling

FlowPort exposes Shopify compliance webhook endpoints for data requests and redaction events.

We verify Shopify webhook HMAC signatures before accepting compliance requests. The app records a minimal audit log of compliance events so requests can be traced without retaining unnecessary payload data.

The hosted stack also records protected-data access events for customer and order job creation and protected artifact downloads. This supports operational review, retention controls, and incident investigation.

If you have a privacy inquiry, contact dhookster@gmail.com.

Contact

Privacy contact

Use this contact for privacy, deletion, and app-review questions.

Privacy email

dhookster@gmail.com