Data Protection
This page explains how OrderBrief Atlas limits processing, supports merchant data requests, and aligns app-side records with Shopify uninstall and compliance workflows.
Merchant data protection agreement
This page forms part of the merchant data protection agreement for OrderBrief Atlas.
- By installing or continuing to use OrderBrief Atlas, the merchant authorizes Project Pioneer to process the limited personal and order-related data described on this page solely to provide the app.
- Project Pioneer acts only within the documented app workflow, retention settings, uninstall cleanup path, and Shopify compliance flows described here and in the Privacy Policy.
- Merchants may stop this processing at any time by disabling processing in the app where available or uninstalling the app from the store.
Processing purpose
OrderBrief Atlas processes only the personal and order-related data needed for internal fulfillment review.
- Processing is limited to generating note summaries, action text, queue priority, and checklist state.
- The app does not use merchant data for advertising, resale, or external audience profiling.
- The app keeps results inside its own database instead of writing summaries back to Shopify orders.
Merchant control and retention
Merchants control whether processing remains enabled and how long operational records are retained.
- Processing can be disabled from the app settings.
- Retention defaults to 90 days and can be reduced or increased within the app's allowed range.
- Expired snapshots and webhook logs are purged by a scheduled maintenance job.
Compliance support
OrderBrief Atlas aligns its cleanup behavior with Shopify's compliance and uninstall flows.
- shop/redact, customers/redact, and customers/data_request topics are subscribed through the app's compliance webhook configuration.
- Uninstall and compliance events remove or deactivate shop-scoped records according to the app's cleanup path.
- Operational support questions should be sent through the merchant support contact listed during app review.
Merchant and Project Pioneer responsibilities
The merchant-facing agreement is designed to make the app's processing boundaries explicit.
- Project Pioneer will process personal data only for the documented fulfillment-review purpose and will not use the data for advertising, resale, or unrelated profiling.
- Project Pioneer will honor the app's documented retention and cleanup paths, including uninstall and applicable Shopify compliance events.
- Merchants remain responsible for providing lawful instructions, reviewing fulfillment decisions, and uninstalling the app if they no longer want OrderBrief Atlas to process store data.
Security posture today
OrderBrief Atlas documents its current safeguards and does not claim controls that are not in place.
- Transport uses HTTPS for the public app and secure SQL connections for the hosted database.
- Stored order-derived protected customer data and raw webhook payloads are encrypted at the application layer with a dedicated key that is held outside the database.
- Protected customer data access remains subject to Shopify approval and environment-specific review.
- The shared host still does not provide SQL Server TDE for this database, so OrderBrief Atlas relies on application-layer encryption rather than host-managed database encryption.