Makr3D Shopify app: data handling

What we access

When you install the app and authorise it, Makr3D requests the minimum access needed to fulfil your orders:

• Orders(read): so we can fulfil the items you have mapped to Makr3D. This includes the protected customer fields needed to produce and deliver the parcel: the buyer's name and shipping address (to address and post it), phone (required by carriers and customs, especially for international delivery), and email (order and tracking contact).
• Products (read): so you can map your products to a Makr3D Print option.
• Fulfilment (write): so we can mark the order fulfilled and write the tracking number back to your Shopify order.

We do not access your customers list, themes, online store content, or payment details, and we do not request scopes beyond those above.

What we store

For each connected store we store an encrypted access token, your shop domain, your product mappings, and the orders routed to us for fulfilment (including the shipping address required to deliver them). Order data is retained for as long as needed to fulfil and support the order and to meet our legal and accounting obligations.

Billing

Makr3D fulfils physical goods, so fulfilment is billed directly by Makr3D rather than through Shopify billing. You add a payment method to your Makr3D account and are charged per order we fulfil.

Deletion and data requests

We honour Shopify's mandatory privacy webhooks. When you uninstall the app and request shop redaction, we delete your stored token and product mappings and stop processing your data. For a customer data request or customer redaction, we compile or delete the relevant stored data within 30 days. You can also email [email protected] at any time.

Security

Access tokens are encrypted at rest. All data is transmitted over TLS. Every Shopify webhook we receive is verified with an HMAC signature, and the embedded app verifies the Shopify session token on every request.