Security

Your store's data, handled with care.

We keep our security story simple and honest: read-only access, encryption in transit, GDPR-compliant data handling, and no selling of your data.

Read-only access

Statty AI requests only read-only Shopify permissions — for your orders, customers, products, inventory, fulfillments and returns. The app reads your data to build analytics; it does not modify your store.

Encrypted in transit

All data moves between Shopify, our servers and your browser over encrypted HTTPS/TLS connections. Sensitive application secrets are stored encrypted at rest.

GDPR data webhooks

We implement Shopify's mandatory privacy webhooks — customer data-request, customer redaction and shop redaction — so data-access and deletion requests are honoured.

Delete anytime

Uninstall Statty AI from your Shopify admin at any time. When you uninstall, we stop syncing your store and your associated data is removed in line with our data-retention practices.

Least-privilege access

Access to production systems is limited to the people who operate the service, and authentication to your dashboard is protected with secure, token-based sessions.

No selling of your data

We do not sell your store or customer data, and we don't share it with third parties for advertising. Your data is used to power your analytics — nothing else.

Your rights

You stay in control of your data

You can request access to, or deletion of, the data associated with your store at any time — directly through Shopify's privacy tools or by contacting us. For full detail on what we collect and why, see our Privacy Policy.

Security FAQ

Straight answers on security.

What Shopify permissions does Statty AI use?
Read-only scopes only: read access to products, orders, customers, inventory, fulfillments, draft orders and returns. Statty AI never requests write access to your store.
How is my data protected in transit?
Every connection between your browser, our API and Shopify uses HTTPS/TLS encryption. Application secrets such as API keys are encrypted at rest.
What happens to my data if I uninstall?
Uninstalling from your Shopify admin immediately stops all syncing. Your data is then removed in line with our retention practices, and Shopify's shop-redaction webhook is honoured.
Do you hold formal security certifications?
Statty AI is a young product and we don't claim certifications we haven't earned. Rather than list badges, we're transparent about exactly what we do: read-only access, encryption in transit, GDPR webhooks, and no selling of your data. If you have a specific compliance requirement, get in touch.

Have a security question?

We're happy to walk through exactly how Statty AI handles your data.