Privacy Policy

Mastiff: Order Limits & MOQ, a Shopify app by EMERGENESIS LLC.
Last updated July 11, 2026.

This policy explains what Mastiff stores, what it does not store, and what happens to your data when you uninstall. It is short because the app collects very little.

The short version

What the app stores

Data Where it lives Why
One session row per shop: the shop's domain, the OAuth access token Shopify issues at install, and the list of permissions (scopes) granted Our database, hosted on Railway Without it the app cannot make authenticated calls to your store. This is the only record we keep.
The order-limit rules you create Shopify metafields, on your own store Rules belong to your store. We read and write them through Shopify's API; we do not keep a copy.

Mastiff authenticates with a shop-level (offline) access token, not a per-user one. That means the session row is tied to the store, not to whoever installed it, and no staff member's name, email address, or user ID is stored.

What the app does not store

Mastiff does not have access to protected customer data, and does not ask Shopify for it. It never receives customer names, email addresses, phone numbers, shipping addresses, payment details, or order history.

When a shopper reaches checkout, Shopify runs our validation function and passes it the contents of that cart: quantities, per-item prices, and the product, variant, and collection identifiers needed to decide whether a rule applies. That information is used to make one decision, in the moment, and is never written to our database or sent anywhere else. No customer is identified in it.

Where your data is processed

No other third parties receive data from Mastiff. The app contains no analytics, no advertising trackers, and no third-party scripts.

Deleting your data

Uninstalling the app is enough. Shopify notifies us, we delete the stored access token for your shop, and Shopify removes the app-owned metafields that held your rules. Nothing is retained.

Mastiff also implements Shopify's three mandatory privacy webhooks, so that requests to access or erase customer data are handled automatically. Because the app holds no customer data, those requests return nothing to disclose and have nothing to erase.

If you want confirmation in writing that your data has been removed, email the address below and you will get an answer.

Changes to this policy

If this policy changes, the date at the top of the page changes with it. If a change ever affects what data the app collects, merchants with the app installed will be told directly, not quietly.

Contact

EMERGENESIS LLC
[email protected]