Legal

Privacy Policy

Aegis Preorder · Last updated 2026

This Privacy Policy explains what data the Aegis Preorder app ("the App", "we") accesses and how we use it when installed on a Shopify store.

Data we access

  • Orders & line items — to identify pre-order selling plans, record the deposit and remaining balance, and drive deferred balance charges.
  • Products — to write the pre-order widget metafields (state, selling plan, deposit percent, ETA) the storefront reads.
  • Fulfillment orders & fulfillments — to place and release fulfillment holds so pre-orders don't ship before you're ready.
  • Payment mandate — the vaulted payment method associated with the order, used solely to charge the remaining balance when it becomes due.

We request only the scopes needed for this: read_products, write_products, read_orders, write_orders, read_fulfillments, write_fulfillments, read_payment_mandate, write_payment_mandate, write_merchant_managed_fulfillment_orders. We do not request access to customer profiles (read_customers).

Customer data & PII

Aegis does not store standalone customer personal information (names, emails, phone numbers, addresses) as records. Our records are keyed by shop + orderId. A vaulted payment mandate reference and currency are associated with an order only to collect the deferred balance.

How we use it

Solely to provide the App's function: classifying pre-orders, applying holds, tracking allocation caps, and collecting deposits and balances (with retries on failure). We do not sell data or use it for advertising.

Where it is stored

Pre-order configuration, allocation-cap state, fulfillment-hold state, ledger entries, and charge logs are stored in our application database (managed PostgreSQL, encrypted at rest and in transit with sslmode=require). Pre-order widget metafields are stored on your Shopify store.

Retention & deletion

We honor Shopify's mandatory data-protection webhooks (customers/data_request, customers/redact, shop/redact). Because no individual customer PII is stored as a record, customers/redact is a no-op acknowledgment. On app uninstall and on a shop/redact request, all merchant store data we hold is permanently deleted.

Marketing list

Separately from the App, our public website may collect an email address you voluntarily submit to join our early-access list. This is prospect/marketing data — not merchant store data — and you can have it removed any time by emailing us.

Contact

For privacy requests, contact support@worqflow.org.