Scope

CartMoat is a Shopify app that enforces contribution-margin policies at checkout and produces audit evidence for decisions. This policy covers the CartMoat app, its API services, and the www.cartmoat.com website.

Data we collect

  • Shop and account data: shop domain, access tokens, granted scopes, install and uninstall timestamps, and shop region.
  • Configuration data: policy settings, rule scopes, thresholds, shipping and payment models, and cost overrides you configure.
  • Product and inventory data: product and variant identifiers, unit cost data, and collection metadata used for policy scoping.
  • Decision and audit data: decision kind, reason, rule code, hashed checkout identifiers, timestamps, and rollups.
  • Webhook event data: webhook topic and ID, plus optional webhook payload snapshots stored for audit. Payloads may include order or customer data supplied by Shopify.
  • Operational data: logs, error metadata, queue records, and aggregate service metrics.

Data sources

We receive data from:

  • Shopify APIs and webhooks.
  • Merchant-provided configuration in the CartMoat admin UI.
  • Decision events emitted by CartMoat enforcement logic.

How we use data

  • To compile and publish policy artifacts to Shopify.
  • To enforce policies across discounts, shipping, and payments.
  • To produce audit trails, decision logs, and rollups.
  • To support reliability, security, and incident investigation.

Data storage and subprocessors

CartMoat runs on Cloudflare infrastructure. Data is stored in Cloudflare Workers services, D1 databases, R2 object storage, and queues configured for the app. The marketing site is hosted on Cloudflare Pages.

We share data with Shopify only as required to operate the app (publishing policies, retrieving product data, and responding to Shopify webhooks). We do not sell customer or merchant data.

Retention and deletion

  • We retain data while the app is installed to provide policy enforcement and auditability.
  • App uninstall removes app settings and webhook event records. Other audit and decision records may remain until a Shopify shop redaction request is received or a deletion request is processed.
  • Shopify shop redaction triggers deletion of shop data from the primary database and registry records. Archived payloads stored in object storage are removed through maintenance cleanup or on request.

Shopper data requests

CartMoat is a service provider to merchants. If you are a shopper and want access or deletion of your data, contact the merchant directly. Shopify forwards privacy requests to app providers; CartMoat acknowledges data request and customer redaction webhooks but does not maintain a separate customer profile database.

Contact

Merchants can contact CartMoat through the support channel provided during onboarding. If you need confirmation of a deletion request, reach out through that channel.