Privacy Policy
Last updated July 7, 2026
GateKeeper ("we", "us") is a Shopify app built by 8th Origin LLC that blocks unwanted storefront traffic and automatically flags, holds, or cancels risky orders. Because fraud screening is its job, GateKeeper does read order data from your store. This policy explains exactly what we read, what we keep, and what we never keep.
What we read (but do not store)
When a new order is created, Shopify sends it to us and we evaluate it against the rules you configured. During that evaluation — in memory only — we look at:
- Order details — order total, currency, payment gateway, financial status, and order tags.
- Shipping and billing country codes — to check country rules and billing/shipping mismatch.
- Customer signals — the customer's prior order count (to detect first-time customers) and Shopify's own fraud risk assessment for the order.
None of those fields are written to our database. Customer names, emails, phone numbers, and street addresses are never read into the app's rule engine and never stored.
What we store
- Store information — your
.myshopify.comdomain and your plan. - Staff account — the name and email of the staff member who installs GateKeeper, from your Shopify session, used only to authenticate you into the app.
- Your configuration — firewall settings, country/IP rules, and order rules. This is data you create.
- Order action log — when a rule matches, we record the order id, order number, order total, currency, the action taken (cancel / hold / flag), the rule name, and the risk level. No customer identity fields.
- Storefront block events — when the firewall blocks a visitor, we record the visitor's IP address, country code, user agent, and the page path, so you can see what was blocked and why. Allowed visitors are not logged.
How we use it
Solely to operate the app for you: enforce the rules you configure, show you your own activity and analytics, authenticate you into the admin, and provide support. We do not sell data, share it with advertisers, or use it to train models.
Sub-processors
We share the minimum necessary with the infrastructure that runs the app: Shopify (platform and APIs), Vercel (application hosting and edge network — this is also where a blocked visitor's IP and country are derived), and Neon (database hosting). Each processes data only to provide their service to us.
Retention & deletion
We keep your data only while GateKeeper is installed. When you uninstall, Shopify sends us a shop/redact request and we delete everything we hold for your store — configuration, rules, block events, and order action logs. When Shopify sends a customers/redact request for a specific customer, we delete the order action log rows for that customer's orders. For customers/data_request, there is nothing beyond Shopify's own order records to return, because we store no customer identity fields.
Security
Data is transmitted over HTTPS and access tokens are stored server-side. Our Shopify permissions are the minimum for the job: read_orders (evaluate new orders and read risk) and write_orders (cancel or tag the orders your rules catch).
Your choices
You can remove all data we hold at any time by uninstalling GateKeeper from your Shopify admin. For any privacy request, email us and we will respond promptly.
Changes
If this policy changes, we will update the date above and, for material changes, notify installed merchants.
Contact
8th Origin LLC — danny@8thorigin.com