Privacy Policy

CreditGuard stores only the data required to provide credit limit enforcement and payment tracking for your B2B Shopify store.

We store:

•Company and location identifiers (synced from your Shopify store)

•Credit limits and outstanding balances per company location

•Order amounts, order names, and payment due dates

•Payment behaviour statistics (on-time count, late count, average days late, consecutive streak)

•Blocked checkout attempt logs (auto-deleted after 90 days)

•Credit limit change audit logs (who changed it, when, old value, new value, and optional note)

We do not store:

•Buyer names, email addresses, or contact details

•Payment card details or financial account information

•Personally identifiable information beyond company and location names sourced from Shopify

Data stored by CreditGuard is used exclusively to provide the credit limit enforcement and payment tracking service. Specifically:

•Credit limits and balances are stored on Shopify metafields to power the checkout validation function

•Payment behaviour data is used to populate dashboard intelligence tables (Overdue Now, Consistently Late Payers, Strong Payers)

•Audit logs are maintained for your own reference and operational accountability

•Blocked attempt logs are used to display recent blocked checkout activity in the app

We do not sell, share, or use your data for advertising, marketing, or any purpose beyond providing the CreditGuard service.

We retain data as follows:

•**Active stores** — Data is retained for as long as CreditGuard is installed on your store.

•**Blocked attempt logs** — Automatically deleted after 90 days via a time-to-live index.

•**Post-uninstall** — After you uninstall CreditGuard, all your credit configuration data is retained for 30 days. If you reinstall within that window, your settings, limits, and balances are fully restored. After 30 days, all data is permanently and irreversibly deleted.

CreditGuard handles all mandatory Shopify GDPR webhooks:

•**customers/data_request** — If a customer requests a copy of their data, we will provide any information we hold relating to them.

•**customers/redact** — If a customer requests deletion of their data, we will delete all records we hold that are associated with them.

•**shop/redact** — After a store uninstalls and the 30-day retention period expires, we permanently delete all data associated with that store.

To submit a data request or deletion request, contact us at support@creditguard.app.

CreditGuard is built on MongoDB Atlas with encryption at rest and in transit. Access to production data is restricted to authorised personnel only. All communication between CreditGuard's servers and Shopify uses HTTPS with verified SSL certificates.

Shopify API credentials and webhook secrets are stored securely and never exposed to the client side.

When you uninstall CreditGuard:

•The checkout validation function is immediately removed — buyers can check out normally right away, regardless of their credit status.

•The payment customisation (which hid 'Pay on Account' for suspended accounts) is removed.

•Credit metafields remain on your Shopify company location records but are no longer enforced.

•CreditGuard retains your data for 30 days in case you reinstall. After that, it is permanently deleted.

If you have questions about this privacy policy, want to request access to your data, or want to request deletion of your data, contact us at:

support@creditguard.app