Privacy Policy
Last updated: 2026-05-23
Marginflow ("we", "us") is a profit analytics tool for ecommerce merchants. This policy explains what data we collect, how we use it, and your rights. By installing or using the app you agree to this policy.
1. Data we collect
When a merchant installs Marginflow, we receive from Shopify:
- Store domain, name, email, country, currency, and Shopify plan
- Product data (titles, SKUs, prices, cost per item, inventory) — used to calculate margins
- Order data (totals, line items, discounts, refunds, payment fees) — used to aggregate revenue, COGS, and profit
We do not request or store customer-identifying information (names, emails, shipping addresses) from your orders. We aggregate order data per SKU and per day; individual customer records are not retained.
Account settings you enter (margin threshold, profit goal, business name, notification preferences, manual expenses) are stored against your store record.
2. How we use it
- Calculate profit margins, KPIs, and trends shown in the dashboard
- Generate AI-assisted insights (Pro plan only) by sending aggregated, non-personal metrics to Anthropic's Claude API
- Send push notifications about your store (if you enable them)
- Process subscription billing via Shopify's Billing API
3. Storage and security
- Data is stored in Cloudflare D1 (SQLite at the edge), hosted in Cloudflare's global network.
- Shopify access tokens are encrypted at rest using AES-GCM 256-bit before being written to the database.
- Sessions are signed cookies (HMAC-SHA256) with a 30-day TTL, marked HttpOnly + Secure + SameSite=Lax.
- All traffic is served over HTTPS (TLS 1.2+).
4. Third-party services
- Shopify — source of all merchant + store data, processes subscription billing.
- Cloudflare — hosting, edge database, CDN.
- Anthropic — receives aggregated metrics to generate AI insights (Pro plan only). No customer PII is sent.
5. GDPR / data deletion
We comply with Shopify's mandatory GDPR webhooks:
customers/data_request— we do not store customer PII; we acknowledge requests and confirm no data to return.customers/redact— we have nothing to redact for individual customers.shop/redact— fires ~48 hours after a merchant uninstalls the app. We hard-delete the shop record and all associated preferences, expenses, and subscription data.
You can request deletion at any time by uninstalling the app from your Shopify admin or emailing support@marginflow.uk.
6. Push notifications
If you enable notifications in Settings, we store the subscription endpoint provided by your browser/OS so we can deliver alerts. You can revoke permission at any time from your browser or in Settings.
7. Your rights
Under GDPR, CCPA, and similar regulations you have the right to access, correct, export, or delete your data. Contact us at support@marginflow.uk and we will respond within 30 days.
8. Changes
We'll update this page when our practices change and notify active merchants via in-app alert. Material changes will require re-consent.
Contact
Questions: support@marginflow.uk