> Data Access

Locations Plus is designed with data security and privacy in mind. We maintain a strict policy of only requesting permissions that are essential for the app's functionality.

Shopify Access Scopes

The app requires specific permissions to manage your locations effectively. Here's what each permission is used for:

read_inventory

  • Purpose: View inventory levels at each location
  • Usage:
    • Display inventory information in location tables
    • Verify inventory status for fulfillment settings
    • No inventory data is stored by Locations Plus

write_fulfillments

  • Purpose: Configure fulfillment settings for locations
  • Usage:
    • Enable/disable online order fulfillment
    • Set up local pickup options
    • Configure delivery zones
    • Update fulfillment service settings

write_locations

  • Purpose: Manage store locations
  • Usage:
    • Create and update location information
    • Configure location settings
    • Manage location status (active/inactive)
    • Set up custom fields
    • Handle bulk location updates

write_shipping

  • Purpose: Configure shipping and delivery settings
  • Usage:
    • Set up local delivery zones
    • Configure pickup options
    • Manage shipping settings per location

Customer Data Policy

Locations Plus does not:

  • Store any customer data
  • Access customer personal information
  • Track customer behavior or preferences
  • Retain order details

Data Storage

The app only stores:

  • Location information (addresses, names, settings)
  • Custom field configurations
  • Location backup data (when enabled)
  • App settings and preferences

All data is stored securely within your Shopify store's metafields or through Shopify's official APIs.

Compliance Webhooks

We implement Shopify's compliance webhooks to handle:

  • Data requests (customers/data_request)
  • Customer data redaction (customers/redact)
  • Shop data redaction (shop/redact)

These webhooks ensure proper data handling when:

  • A customer requests their data
  • A customer requests data deletion
  • A merchant uninstalls the app

API Access

  • All API access is through Shopify's official APIs
  • We use secure, authenticated connections
  • API requests are rate-limited to prevent overuse
  • Access tokens are securely stored and managed

Security Measures

  1. Data Encryption
    • All data in transit is encrypted using HTTPS
    • Secure storage of access tokens
    • No sensitive data stored in logs
  2. Access Control
    • Role-based access within the app
    • Secure authentication through Shopify
    • Regular security audits
  3. Data Minimization
    • Only essential data is collected
    • Regular cleanup of unused data
    • No unnecessary data retention

Third-Party Services

Locations Plus uses the following third-party services:

  • Shopify API (core functionality)
  • Redis (caching and performance)
  • No other third-party data processors

Questions or Concerns

If you have questions about data access:

  • Contact our support team
  • Review our privacy policy
  • Submit a data access request through Shopify