Legal
Privacy Policy
WRIT — Order Rules & MOQ for B2B · Last updated June 30, 2026
This Privacy Policy explains what data the WRIT — Order Rules & MOQ for B2B app ("the App", "we") accesses and how we use it when installed on a Shopify store. WRIT is built for data minimisation: it enforces B2B order rules and minimums at checkout without collecting customer personal information.
Data we store
- Your shop domain — the
.myshopify.comdomain of the store the App is installed on, plus the Shopify access token needed to call the Admin API on your behalf. - B2B company identifiers — for each managed company, its Shopify Company GID and display name, used to key the order rules to the right company.
- Buyer identifiers — where you configure a per-buyer override, the buyer's Shopify Customer GID and an optional display label you enter. We do not store customer names, emails, phone numbers, or addresses.
- Rule configuration — the order rules you set: minimum order value, maximum order value (integer cents), minimum item quantity, currency, and product case-pack sizes.
- Audit log — an append-only record of rule, buyer-override, case-pack, company-import and settings changes, with the actor and timestamp.
We request the minimum scopes needed (read_companies, write_companies, read_products, write_products, read_validations, write_validations). The checkout gate is a Shopify Function that reads the rule values from metafields at checkout — we do not receive or store order contents, and we do not request access to customer profiles.
How we use it
Solely to provide the App's function: resolving your per-company and per-buyer order rules, writing the effective rule values to metafields on your store, and enforcing minimum/maximum order value, minimum item quantity, and per-product case-pack multiples at checkout. We do not sell data or use it for advertising.
Where it is stored
Configuration, buyer overrides, case-pack settings, and audit logs are stored in our application database (managed PostgreSQL, encrypted at rest and in transit). The resolved company rule state and product case-size values are written to metafields stored on your Shopify store. Money is stored as integer cents.
Retention & deletion
We honor Shopify's mandatory compliance webhooks. On app uninstall and on a shop/redact request, all of your shop's data we hold (configuration, company rules, buyer overrides, case-pack settings, audit log, and the stored access token) is permanently deleted. On a customers/redact request we delete any per-buyer override keyed to that customer and re-sync the affected companies. We also honor customers/data_request.
Sub-processors
WRIT runs on Shopify (platform & APIs) and a managed cloud database/host. We do not share your data with third parties for their own purposes.
Contact
For privacy requests, contact briano@worqflow.org.