This document describes how FraudFlag ("we", "us", or "our") collects, uses, and protects information when you ("the merchant") use the FraudFlag Shopify app ("the Service").
FraudFlag is operated by FraudFlag Ltd, located at Peaceland Estate, Lagos, Nigeria.
This Privacy Policy, together with our Terms of Service, constitutes our data-protection agreement with you. By installing FraudFlag you agree to its terms.
1. What we collect
When you install FraudFlag we receive, via the Shopify APIs and webhooks:
- Your shop domain, shop billing country, and shop currency.
- For every order placed after installation: order ID, order name, total price and currency, customer email, customer name, phone, billing and shipping addresses (country code plus street-level detail where relevant to scoring), shipping method, fraud-analysis messages Shopify attached to the order, and the customer's Shopify order-history count.
We also store the following information you enter directly:
- The email address you nominate for FraudFlag alerts.
- The list of email domains you block.
- Your alert preferences (which risk levels trigger emails; the medium-risk threshold).
2. How we use it
We process the minimum personal data required to score orders and notify you about risky ones. Use is strictly limited to the purposes below:
- Score each new order against our risk-signal library and present the result to you in the FraudFlag admin UI.
- Send email alerts for orders that meet thresholds you have explicitly enabled.
- Send the optional Monday-morning digest summarising the previous week.
- Show aggregated counts and values in your FraudFlag dashboard.
We do not use your data for any other purpose. We do not profile individual shoppers, do not use your data to train machine-learning models, and do not sell your data.
3. Who we share it with
We share data only with:
- Shopify — source of the data; access is governed by the scopes you approved at installation.
- Railway (our hosting provider) — hosts the operational database and servers that run FraudFlag.
- Resend (our email provider) — receives only the recipient email, subject, and body of alerts you have enabled.
We do not share data with advertisers, analytics providers, or any party outside the processors listed above.
International data transfers. FraudFlag Ltd is based in Nigeria, and Railway operates server infrastructure primarily in the United States. If you or your customers are located in the European Economic Area or the United Kingdom, personal data we process may be transferred outside those regions. Our processors maintain industry-standard security controls and their own published privacy frameworks; we transfer the minimum data necessary to deliver the Service.
4. How long we keep it
- Order scores, signals, and bullets — retained while your app installation is active. Deleted on receipt of Shopify's shop/redact webhook (sent approximately 48 hours after uninstall).
- Sessions — deleted immediately on Shopify's app/uninstalled webhook.
- Individual customer data — deleted on receipt of Shopify's customers/redact webhook.
5. Your rights and consent
FraudFlag honours Shopify's mandatory GDPR webhooks:
- customers/data_request — we log the request. Because FraudFlag holds no structured PII beyond what Shopify already shows you in the admin order detail, you can fulfil the request directly from Shopify.
- customers/redact — we delete all scored-order data associated with the specified customer email and orders.
- shop/redact — we delete all data associated with your shop.
Customer consent. FraudFlag does not interact directly with your shoppers and collects no consent from them. Shopify, as the data controller for shopper interactions on your store, manages all shopper-facing consent flows.
Sale of data. FraudFlag does not sell merchant or shopper personal data, so there is no data-sale opt-out to honour.
Automated decision-making. FraudFlag does not make automated decisions with legal or significant effects on individual shoppers. Risk scores and signals are advisory information shown to you; the merchant makes every fulfilment decision.
To exercise data-protection rights outside of Shopify's tooling, contact us at [email protected].
6. Cookies
FraudFlag sets no first-party tracking cookies. Authentication uses Shopify's session cookies managed by Shopify App Bridge.
7. Security and data handling
Encryption in transit and at rest. All data transmitted between your Shopify store, FraudFlag, and our third-party processors is encrypted via HTTPS/TLS. Data stored in the production database (Railway-managed PostgreSQL) is encrypted at rest on the underlying storage. Credentials are held only in environment variables on the hosting provider and are never committed to source control.
Encrypted backups. Railway maintains automated backups of the production database; these backups are encrypted at rest. Backup data is removed on the same schedule as live data when a shop is redacted.
Test and production separation. Development and test data live in a separate local database. No real merchant or shopper data is used in development or testing.
Data loss prevention. Every Shopify webhook is HMAC-verified before processing, so spoofed or tampered payloads cannot enter the database. Merchant inputs (alert email, blocked domains, threshold values) are validated before being persisted. Automated database backups are retained by the hosting provider as a recovery layer. FraudFlag does not accept arbitrary file uploads from merchants or shoppers.
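The webhook check described above, shown as an added illustration rather than FraudFlag's own code: Shopify signs each webhook delivery with HMAC-SHA256 over the raw request body, keyed with the app's client secret, and sends the base64-encoded digest in the X-Shopify-Hmac-SHA256 header. The secret, the sample order body, and the function names below are constructed for this example.

```python
import base64
import hashlib
import hmac

# Constructed placeholder secret for the example; a real app reads its client
# secret from the environment, never from source.
APP_SECRET = b"constructed-example-secret-not-a-real-key"
HMAC_HEADER = "X-Shopify-Hmac-SHA256"


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    """Base64(HMAC-SHA256(secret, raw_body)), the form Shopify puts in the header."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(headers: dict, raw_body: bytes, secret: bytes = APP_SECRET) -> bool:
    """Return True only if the header digest matches the body under `secret`.

    The digest must be computed over the raw bytes exactly as received;
    re-serialising parsed JSON changes whitespace and key order and breaks it.
    Comparison is constant-time so timing cannot leak which bytes matched.
    """
    received = headers.get(HMAC_HEADER) or headers.get(HMAC_HEADER.lower())
    if not received:
        return False  # unsigned delivery: reject
    expected = compute_signature(secret, raw_body)
    return hmac.compare_digest(expected.encode("ascii"), received.encode("ascii"))


def handle_delivery(headers: dict, raw_body: bytes, secret: bytes = APP_SECRET) -> dict:
    """Gate a webhook handler sits behind: reject before parsing or storing anything."""
    if not verify_webhook(headers, raw_body, secret):
        return {"status": 401, "stored": False}
    # Only a verified body reaches the scoring/storage path.
    return {"status": 200, "stored": True, "topic": headers.get("X-Shopify-Topic")}


# Constructed sample delivery: a correctly signed body, plus a tampered copy
# whose header still carries the digest of the original body.
SAMPLE_BODY = b'{"id":1001,"email":"shopper@example.com","total_price":"49.00"}'
SAMPLE_HEADERS = {
    "X-Shopify-Topic": "orders/create",
    HMAC_HEADER: compute_signature(APP_SECRET, SAMPLE_BODY),
}
TAMPERED_BODY = SAMPLE_BODY.replace(b'"49.00"', b'"4900.00"')

if __name__ == "__main__":
    print(handle_delivery(SAMPLE_HEADERS, SAMPLE_BODY))    # accepted, stored
    print(handle_delivery(SAMPLE_HEADERS, TAMPERED_BODY))  # rejected, 401
```

The handler returns 401 for both a missing header and a mismatched digest, and it does so before the JSON is parsed, which is what keeps spoofed or altered payloads out of the database.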
Access control. FraudFlag is operated by a single founder; no broader staff has access to merchant data. Administrative access to the hosting provider, database console, and email provider is protected by strong unique passwords and two-factor authentication.
Access logging. Server-side request and webhook events are logged on the hosting provider, including any access to or modification of merchant data. Logs are accessible only to the founder and retained for the period the hosting provider supports.
Incident response. If we detect or are notified of a security incident affecting merchant data, we will: contain the incident; investigate its scope and root cause; notify affected merchants by email within 72 hours of confirming the breach (or sooner where required by law); and report to relevant authorities under GDPR Article 33 or other applicable regulations.
8. Changes
We may update this policy. The "Last updated" date at the top indicates the current version. Material changes will be emailed to merchants with an alert email on file.
9. Contact
Questions? Email [email protected].