Home / security

Security Policy

Access model

We never ask for your Shopify login or password. You create a revocable Admin API token per store, scoped read-only on the source. You can revoke either token at any moment, and we ask you to revoke both at handover.

Encryption

Tokens are encrypted at rest with AES-256-GCM; decryption requires a key held only in the runtime environment, never in the database. All traffic is TLS. Payment data never touches our systems — checkout is entirely Stripe-hosted.

Infrastructure

The service runs on Cloudflare's network with the database and application in the same trust boundary; admin access is password-protected and credential reveals are deliberate, logged actions.

During migration

Your source store is accessed read-only. Working exports are retained only for the re-migration window of your package, then deleted.

Disclosure

Found a vulnerability? support@shopify2shopify.pages.dev — we respond within one business day.