Privacy Policy

SymbioPulse stores only the account, store, report, webhook, and audit data required to provide commerce intelligence and operational review workflows.

Shopify access tokens, webhook secrets, and provider credentials are treated as secrets and must be stored in environment variables or encrypted application storage.

Customer or order data connected from Shopify should be used only for merchant-approved reporting, support, and compliance workflows. Shopify privacy webhooks for customer data requests, customer redaction, and shop redaction are HMAC verified, stored idempotently, and acknowledged by the application.

When Shopify sends a shop redaction request, SymbioPulse clears stored Shopify tokens and webhook state for that shop and marks the installation redacted.