Legal

Privacy Policy

WRIT — Order Rules & MOQ for B2B · Last updated June 30, 2026

This Privacy Policy explains what data the WRIT — Order Rules & MOQ for B2B app ("the App", "we") accesses and how we use it when installed on a Shopify store. WRIT is built for data minimisation: it enforces B2B order rules and minimums at checkout without collecting customer personal information.

Data we store

  • Your shop domain — the .myshopify.com domain of the store the App is installed on, plus the Shopify access token needed to call the Admin API on your behalf.
  • B2B company identifiers — for each managed company, its Shopify Company GID and display name, used to key the order rules to the right company.
  • Buyer identifiers — where you configure a per-buyer override, the buyer's Shopify Customer GID and an optional display label you enter. We do not store customer names, emails, phone numbers, or addresses.
  • Rule configuration — the order rules you set: minimum order value, maximum order value (integer cents), minimum item quantity, currency, and product case-pack sizes.
  • Audit log — an append-only record of rule, buyer-override, case-pack, company-import and settings changes, with the actor and timestamp.

We request the minimum scopes needed (read_companies, write_companies, read_products, write_products, read_validations, write_validations). The checkout gate is a Shopify Function that reads the rule values from metafields at checkout — we do not receive or store order contents, and we do not request access to customer profiles.

How we use it

Solely to provide the App's function: resolving your per-company and per-buyer order rules, writing the effective rule values to metafields on your store, and enforcing minimum/maximum order value, minimum item quantity, and per-product case-pack multiples at checkout. We do not sell data or use it for advertising.

Where it is stored

Configuration, buyer overrides, case-pack settings, and audit logs are stored in our application database (managed PostgreSQL, encrypted at rest and in transit). The resolved company rule state and product case-size values are written to metafields stored on your Shopify store. Money is stored as integer cents.

Retention & deletion

We honor Shopify's mandatory compliance webhooks. On app uninstall and on a shop/redact request, all of your shop's data we hold (configuration, company rules, buyer overrides, case-pack settings, audit log, and the stored access token) is permanently deleted. On a customers/redact request we delete any per-buyer override keyed to that customer and re-sync the affected companies. We also honor customers/data_request.

Sub-processors

WRIT runs on Shopify (platform & APIs) and a managed cloud database/host. We do not share your data with third parties for their own purposes.

Contact

For privacy requests, contact briano@worqflow.org.