Privacy Policy
Last Updated: January 2026
FraudFighter (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our Shopify application.
1. Information We Collect
Merchant Account Information (Stored)
When you install FraudFighter, we collect and store:
- Your Shopify shop domain
- OAuth authentication tokens (stored securely)
- Basic user information for authentication (name, email of the user who installed the app)
- Permission scopes granted to the app
Customer Information (Processed, Not Stored)
Important: FraudFighter does NOT store customer personal information in our database.
When orders are created in your store, we temporarily process:
- Customer email addresses - checked against known fraud patterns (specifically the buyforme.amazon domain)
- Order identifiers - used to tag or cancel fraudulent orders
This information is processed in memory only and is not persisted to any database or storage system.
App Settings (Stored via Shopify)
Your FraudFighter configuration settings are stored as Shopify metafields on your shop, which means they are managed by Shopify’s infrastructure:
- Order tagging preferences
- Order cancellation preferences
- Custom tag names
- Robots meta tag settings
2. How We Use Your Information
We use the collected information for the following purposes:
- Authentication: To verify your identity and maintain your session
- Fraud Detection: To identify and block Amazon “Buy for Me” orders by checking customer email patterns
- Order Management: To tag or cancel orders identified as fraudulent based on your settings
- App Functionality: To provide and maintain the FraudFighter service
3. Data Retention
- Merchant Session Data: Retained while the app is installed. Automatically deleted within 48 hours after you uninstall the app.
- Customer Data: Not retained. Processed in real-time and immediately discarded.
- App Settings: Stored as Shopify metafields and managed according to Shopify’s data retention policies.
4. Data Sharing
We do not sell, trade, or otherwise transfer your information to third parties. Your data is used solely for providing the FraudFighter service.
We may disclose information if required by law or to protect our rights, property, or safety.
5. Data Security
We implement appropriate security measures to protect your information:
- All data is transmitted over HTTPS (encrypted in transit)
- OAuth tokens are stored securely
- We follow Shopify’s security best practices
- No customer personally identifiable information (PII) is stored in our systems
6. Your Rights
You have the right to:
- Access: Request information about what data we hold about you
- Deletion: Request deletion of your data by uninstalling the app (data is automatically deleted within 48 hours)
- Opt-out: Disable specific features (order tagging, cancellation) through the app settings
7. GDPR Compliance (European Users)
For users in the European Economic Area (EEA), we comply with GDPR requirements:
- We process data based on legitimate interest (fraud prevention) and contractual necessity
- We implement mandatory compliance webhooks to handle data access and deletion requests
- You may exercise your rights by contacting us at the email below
8. CCPA/CPRA Compliance (California Users)
For California residents, we comply with CCPA and CPRA requirements:
- We do not sell personal information
- You have the right to know what personal information we collect
- You have the right to request deletion of your personal information
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the “Last Updated” date at the top of this page.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: alan.gibson@skylab.ltd