Security

How ProfitPilot protects merchant data, accounts, and operational access.

Data Encryption

Shopify tokens and sensitive records are encrypted at rest with AES-256. Traffic between browsers, Shopify, and ProfitPilot is protected with TLS 1.3.

Access Model

ProfitPilot is designed around read-only Shopify access for analytics and reporting. We do not modify store products, pricing, orders, or operational settings.

SOC 2 Readiness

Our internal controls are structured around documented policies for access, logging, retention, change management, and security review to support SOC 2 readiness.

Data Retention Policy

We retain operational data only as needed for analytics, reporting, compliance, and support. Tokens are revoked when a store disconnects, and retained records follow defined cleanup windows.

Incident Response

We maintain an incident response workflow for detection, containment, investigation, remediation, and merchant communication where required. Incidents are triaged by severity and reviewed after resolution.

Responsible Disclosure

If you identify a potential security issue, contact us privately so we can investigate quickly and coordinate a responsible fix before public disclosure.

Security contact

For security-related questions, incident coordination, or responsible disclosure, contact:

noreply@profitpilot.app