Script Sentinel — Privacy Policy

Last updated: 2026-04-29

Script Sentinel is a Shopify Plus regression-testing app for the Shopify Scripts to Shopify Functions migration. It is read-only against the merchant's store and does not modify discounts, scripts, functions, or checkout behavior.

What we process

• Order data from the last 60 days, accessed via the Shopify Admin API read_orders scope. Used to generate deduped cart fixtures (representative carts) for regression testing.
• Product, discount, location, and shipping configuration via the corresponding read-only scopes (read_products, read_discounts, read_locations, read_shipping) for classification and risk grading.
• Shopify Functions metadata (id, title, app, API type, API version) via the Admin GraphQL shopifyFunctions query. Used to attribute observed outputs to the deployed Function that produced them.
• Merchant-pasted Shopify Script source code, treated as untrusted text. Source is rendered as plain text and never executed.

What we do NOT store

Script Sentinel does not retain customer-identifying data. The fixture extractor strips the following fields from every order before persistence:

• Customer names, emails, and phone numbers
• Full shipping or billing addresses
• Customer IDs, account references, or any free-text customer notes

The only retained address fields are the ISO-2 country code and the first three characters of the postal code (uppercased, alphanumeric only) — enough signal to validate postcode-based shipping rules without uniquely identifying a household. Customer tags retained for B2B classification are filtered: any tag containing whitespace or email syntax is dropped.

Sub-processors

Script Sentinel runs on the following infrastructure:

• Shopify — for OAuth, billing, and Admin API access (the data source).
• The app hosting provider for the Script Sentinel app instance. Order data flows through this server transiently to produce fixtures; only deduped non-PII fixture rows are persisted to the app's database.

No third-party analytics, advertising, or marketing tools are loaded.

Retention

• Active install: data is retained while the app is installed.
• App uninstall: sessions are deleted immediately. The merchant's shop record is marked uninstalled but retained briefly so re-installs can detect prior history.
• GDPR shop redact: 48 hours after uninstall, Shopify fires the shop/redact webhook. Script Sentinel hard-deletes the shop record and every related row (scripts, fixtures, audit reports, function outputs, drift runs, regression runs, alerts, charges) cascades automatically.
• GDPR customer redact / data request: Script Sentinel does not store customer-identifying data, so these webhooks are acknowledged with a 200 response after a logged audit entry.

Audit reports

Generated Migration Risk Audit PDFs and their underlying snapshots are retained for 12 months from the audit purchase date so the merchant can re-download. Snapshots are tied to the merchant's purchase record and inherit its deletion lifecycle.

Your rights

If you are a Shopify merchant using Script Sentinel and want to request a data export or deletion outside of the standard GDPR flow, contact your Shopify Plus partner manager or open an issue on the Script Sentinel app listing.

Changes to this policy

Material changes will be reflected in the "Last updated" date above and announced in the app dashboard before they take effect.