Security Policy
Access model
We never ask for your Shopify login or password. You create a revocable Admin API token per store, scoped read-only on the source. You can revoke either token at any moment, and we ask you to revoke both at handover.
Encryption
Tokens are encrypted at rest with AES-256-GCM; decryption requires a key held only in the runtime environment, never in the database. All traffic is TLS. Payment data never touches our systems — checkout is entirely Stripe-hosted.
Infrastructure
The service runs on Cloudflare's network with the database and application in the same trust boundary; admin access is password-protected and credential reveals are deliberate, logged actions.
During migration
Your source store is accessed read-only. Working exports are retained only for the re-migration window of your package, then deleted.
Disclosure
Found a vulnerability? support@shopify2shopify.pages.dev — we respond within one business day.