Privacy policy
Effective date: 2026-07-14
东莞独域科技有限公司 operates Duyu Store Setup. This policy explains how the app handles merchant store data.
Data the app processes
The app processes the shop domain, granted access scopes, encrypted Shopify access and refresh tokens, token expiry and health metadata, and basic shop metadata such as store name, country, and currency.
To prepare and execute approved store setup work, the app processes the page content, policy text, Market configuration, merchant-owned delivery profile configuration, and automatic basic discount settings selected for that change. It stores the submitted variables, current and target snapshots, approval digest, input hash, execution result and status, and timestamps needed for review, idempotency, and rollback evidence.
Security and audit records can include the shop domain, action, request IP address, user agent, and timestamp. The app does not request or store customer, order, product, payment, report, file, or theme data.
How data is used
Data is used only to authenticate the store, display connection health, prepare merchant-reviewable change plans, execute approved changes, prevent duplicate execution, and maintain security and audit evidence.
Storage and security
OAuth credentials are encrypted at rest and are never returned by public application endpoints. Data is transmitted over HTTPS. Merchant-facing requests require a valid Shopify session token, and service requests require a separate service credential.
Shopify supplies the commerce platform and authentication services. Cloudflare supplies the Worker and D1 hosting used to process and store app data. We do not sell merchant data or disclose it for advertising.
Retention and deletion
Credentials, configuration plans, execution records, OAuth state, and audit records are retained while needed to operate and secure the installed app. Credentials are disabled when the app is uninstalled. When Shopify sends a validated shop-redaction request, the app deletes the shop credential, plans, execution records, OAuth state, and audit records associated with that shop.
Privacy requests
The app subscribes to Shopify's mandatory privacy webhooks. Because it stores no customer records, customer data requests and customer-redaction requests are acknowledged without retaining the webhook payload.
Merchants can contact us to ask about app data or request assistance with deletion. We may update this policy when the app or Shopify requirements change; the effective date above identifies the current version.
Contact
Questions can be sent to support@dycross.com.