Legal

Privacy Policy

Effective date: February 27, 2026  ·  Applies to the Fulfillment Risk Monitor Shopify app

Overview

Fulfillment Risk Monitor ("the app", "we", "us") is a Shopify embedded app that monitors fulfillment workflows and surfaces at-risk orders before customers are affected. This policy explains what data we access, how we store and use it, and what controls you have as a merchant.

We are committed to collecting only the minimum data needed to deliver the service. We do not collect, store, or process customer personal information such as names, addresses, email addresses, or payment details.

Data We Collect

When you install the app, we request OAuth access to your Shopify store. We use that access to read the following data:

Category | Fields stored | Purpose
Orders | Order ID, order number, created/updated/cancelled timestamps, financial status, fulfillment status, total price, currency | Risk evaluation — detecting unfulfilled or delayed orders
Fulfillments | Fulfillment ID, status, tracking number, tracking company, tracking URL, location ID, created/updated timestamps | Tracking coverage checks and partial-fulfillment detection
Fulfillment Orders | Fulfillment order ID, status, hold reason, assigned location ID, responsibility type (merchant vs. 3PL) | Detecting blocked or on-hold fulfillment flows and routing risks to the correct source
Locations | Location ID, name, fulfillment service flag, address fields | Grouping orders by fulfillment source for threshold configuration and analytics
Shop settings | Shopify store domain, store timezone, merchant-configured risk thresholds, notification preferences (email address, Slack webhook URL) | Personalising risk thresholds and delivering alert notifications
OAuth sessions | Shopify session token, access token, shop domain, scopes | Authenticating API requests made on behalf of your store

What we do NOT collect

  • Customer names, email addresses, phone numbers, or mailing addresses
  • Payment or card details of any kind
  • Product descriptions, pricing, or catalog data
  • Customer browsing or behaviour data
  • Any data from stores where the app is not installed

How We Use Your Data

  • Risk detection — order and fulfillment records are evaluated every 30 minutes against your configured thresholds to identify delayed, blocked, partial, or tracking-missing risks.
  • Notifications — when a new risk is detected, we send an alert to the email address and/or Slack webhook you configured in Settings. We use AWS Simple Email Service (SES) for email delivery.
  • Analytics — aggregated, non-personal metrics (risk counts, SLA rates, fulfillment source performance) are pre-computed and stored to power the Analytics dashboard.
  • Historical sync — on initial install, we backfill up to 60 days of order history to establish a baseline for risk evaluation and threshold suggestions.
  • Threshold recommendations — we analyse your historical fulfillment patterns to suggest appropriate risk thresholds for your store. This analysis is performed entirely within our infrastructure using your data; it is not shared.

We do not use your data for advertising, profiling, or any purpose outside of operating the app features described above.

Data Storage & Security

Where data is stored

All data is stored in Amazon Web Services (AWS) infrastructure in the US East (N. Virginia) region. We use Amazon DynamoDB for structured data storage and AWS Lambda for serverless compute. Data is encrypted at rest and in transit (TLS 1.2+).

Retention

  • Order & fulfillment records — retained while your store has the app installed. Records for orders older than 90 days that carry no active risk are eligible for removal during periodic cleanup.
  • Risk records & analytics — retained while the app is installed to support historical reporting.
  • OAuth session tokens — retained while the app is installed and active. Revoked immediately upon uninstall.
  • After uninstall — we begin deletion of all store data within 48 hours of receiving the app/uninstalled webhook from Shopify.

Access controls

Access to production data is restricted to authorised personnel only, governed by AWS IAM policies with least-privilege principles. We do not have standing access to your Shopify admin or store data outside of the OAuth scopes granted during install.

Third-Party Services

Service | Provider | Purpose | Data shared
Cloud infrastructure | Amazon Web Services (AWS) | Hosting, storage, and compute | All app data (stored in AWS)
Email delivery | AWS Simple Email Service (SES) | Sending risk alert emails | Risk summary content and your configured notification email address
Slack notifications | Slack Technologies (optional) | Sending risk alerts to your Slack channel | Risk summary content, sent to the webhook URL you provide. We do not store Slack user data.
Shopify platform | Shopify Inc. | Source of order and fulfillment data via API | OAuth credentials; data is pulled from Shopify, not pushed to them by us

We do not sell, rent, or share your data with any third party for marketing, advertising, or commercial purposes.

Shopify Access Scopes Requested

During installation, we request the following Shopify API scopes. Each scope is used only for the purpose stated.

Scope | Why it's needed
read_orders | Fetch order status, timestamps, and financial/fulfillment state for risk evaluation and historical sync
read_fulfillments | Fetch fulfillment records including tracking information to detect missing-tracking risks
read_locations | Fetch store locations to group fulfillment sources and power per-location threshold configuration
read_inventory | Reserved for a planned feature to surface inventory availability context alongside delay risks (not currently active)
read_merchant_managed_fulfillment_orders | Receive webhook events for merchant-managed fulfillment orders (holds, routing, acceptance)
read_assigned_fulfillment_orders | Receive webhook events for fulfillment orders assigned to fulfillment services
read_third_party_fulfillment_orders | Receive webhook events for third-party (3PL) managed fulfillment orders

Your Rights & Controls

  • Data deletion — uninstalling the app from your Shopify admin triggers immediate revocation of access and deletion of all associated store data within 48 hours.
  • Data access — you can request a summary of data we hold for your store by contacting us at the address below.
  • Notification opt-out — you can disable email and/or Slack notifications at any time from the app's Settings page without affecting risk monitoring.
  • Threshold control — all risk thresholds are configurable by you from Settings. You can also disable risk evaluation for specific fulfillment sources.

Additional Notes

Children's privacy

The app is a business tool intended for Shopify merchants. We do not knowingly collect data from individuals under the age of 13.

Policy changes

We may update this policy from time to time. Material changes will be communicated through the app or via the email address on your shop account. Continued use of the app after a change constitutes acceptance of the updated policy.

Governing law

This policy is governed by applicable law in the jurisdiction where we operate. If you have questions about GDPR, CCPA, or other regional privacy rights, please contact us directly.

Contact Us

Questions, data requests, or concerns about this privacy policy can be sent to:

Fulfillment Risk Monitor
Email: admin@buildensity.app

We aim to respond to all privacy-related inquiries within 5 business days.