Trust

Security

How ProfitPilot protects merchant data, accounts, and operational access.

Data Encryption

Shopify tokens and sensitive records are encrypted at rest with AES-256. Traffic between browsers, Shopify, and ProfitPilot is protected with TLS 1.3.

Access Model

ProfitPilot is designed around read-only Shopify access for analytics and reporting. We do not modify store products, pricing, orders, or operational settings.

Webhook Verification

Incoming Shopify webhooks are verified before ProfitPilot processes them.

Data Retention Policy

We retain operational data only as needed for analytics, reporting, compliance, and support. Tokens are revoked when a store disconnects, and retained records follow defined cleanup windows.

Store Disconnect Handling

When a store disconnects, ProfitPilot revokes access tokens and applies its retained-data cleanup rules.

Responsible Disclosure

If you identify a potential security issue, contact us privately so we can investigate quickly and coordinate a responsible fix before public disclosure.

Security contact

For security-related questions, incident coordination, or responsible disclosure, contact:

no-reply@profit-pilot.io