1) Overview
RiskMate is a Shopify app that helps merchants identify potentially risky orders using transparent, rule-based checks (for example: order amount thresholds, item count thresholds, and country mismatch signals).
RiskMate processes only the minimum data required to provide its functionality. RiskMate does not sell personal data and does not use Shopify data for advertising or marketing.
2) Data we access
Depending on the merchant’s configuration and granted scopes, RiskMate may access the following Shopify resources:
Orders (Admin API)
- Order identifiers (for example: order ID)
- Order totals and currency
- Order creation time
- Payment status (for example: paid / pending)
- Billing and shipping country (country-level only)
- Line item count / quantities (as needed for configured rules)
Customers (Admin API) – minimal identifiers
- Customer ID and/or customer creation time, strictly to determine whether an order is from a new vs. returning customer
3) How we use data
RiskMate uses Shopify data only for the purposes below:
- Analyze new or updated orders in near real time when webhooks are received
- Apply configured rule-based checks to compute a risk level (e.g., Low / Medium / High)
- Record which rules were triggered for transparency and auditability
- Add merchant-visible tags to orders (for example:
risk:high) and display a risk assessment in the app UI
RiskMate does not automatically contact customers. Final decisions about order handling remain with the merchant.
4) Legal basis and merchant authorization
The merchant authorizes RiskMate’s access to Shopify data during app installation through Shopify’s OAuth flow and the scopes granted. RiskMate uses the accessed data only as described in this policy and in the app’s functionality.
5) Data storage and retention
RiskMate stores limited risk evaluation records to provide app functionality (for example, to show the risk level, triggered rules, and evaluation time in the app).
- We retain stored data only as long as needed to provide the service to the merchant.
- When the app is uninstalled, RiskMate deletes stored merchant data related to the app’s functionality.
If you need earlier deletion or have questions about retention, contact us at riskmateapp@gmail.com.
6) Data sharing
RiskMate does not sell personal data. We do not share Shopify customer data with third parties for marketing or advertising.
We may use infrastructure providers (for example hosting and database services) to operate RiskMate. These providers process data only to deliver their services to us and are not permitted to use the data for their own purposes.
7) Security
Data transmitted between Shopify and RiskMate is encrypted in transit using HTTPS/TLS. We apply industry-standard safeguards designed to protect data stored by RiskMate. No method of transmission or storage is 100% secure, but we work to maintain appropriate technical and organizational measures.
8) Cookies and tracking
RiskMate does not use tracking cookies or advertising trackers. If cookies are used at all, they are limited to what is necessary for app functionality (for example, session/authentication required for an embedded Shopify app).
9) Subscription and billing
Billing for RiskMate is handled by Shopify (where applicable). RiskMate does not collect or store merchants’ payment card details.
10) International transfers
RiskMate may process and store data in locations where its service providers operate. We take steps to ensure appropriate safeguards are in place consistent with applicable data protection requirements.
11) Changes to this policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.
12) Contact
If you have questions about this Privacy Policy or want to request deletion of stored data, contact: riskmateapp@gmail.com.