Privacy Practices
WandStore is built with privacy as a core architectural principle. This page describes how customer data is handled and protected in the current product.
Privacy-by-design architecture
WandStore is designed to limit data use to what is needed to generate personalized storefront content for eligible signed-in customers. In practice, this means:
- No browsing tracker — WandStore does not rely on browsing history, clickstream tracking, fingerprinting, or advertising cookies for personalization.
- Shopify customer and order context powers personalization — The app uses customer and order data available through Shopify, along with merchant-configured brand settings and product data, to generate personalized storefront content.
- Sensitive contact and payment fields are excluded — WandStore does not use payment information, customer passwords, or phone numbers for personalization.
The exact data used can vary by feature and merchant configuration. For a detailed breakdown, see Data Usage.
Encryption and transport security
All data in WandStore is protected in transit:
- HTTPS/TLS everywhere — Connections between the customer’s browser, WandStore, Shopify’s APIs, and supporting services use encrypted transport.
- No plaintext transmission — Customer data is never transmitted over unencrypted connections.
Authentication security
WandStore uses Shopify’s official Customer Account API with PKCE (Proof Key for Code Exchange) for authentication. This is the same security standard used by major tech companies:
- OAuth 2.0 + PKCE — Prevents authorization code interception attacks.
- CSRF protection — State parameters prevent cross-site request forgery.
- Token rotation — Access tokens expire and are refreshed automatically.
Customers authenticate directly with Shopify — WandStore never sees or stores passwords.
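The PKCE and state checks listed above can be illustrated with a small model. This is an added example, not WandStore's or Shopify's code: `ToyAuthServer` and the function names are hypothetical stand-ins, and the S256 transform follows RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier))."""
    return b64url(hashlib.sha256(code_verifier.encode()).digest())


def new_login_request() -> dict:
    """Client side: fresh per-login secrets, kept in the user's session."""
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, never sent in the redirect
    return {
        "code_verifier": verifier,
        "code_challenge": s256_challenge(verifier),  # sent with the authorization request
        "state": b64url(secrets.token_bytes(16)),  # echoed back on the callback
    }


def callback_state_ok(session_state: str, returned_state: str) -> bool:
    """Reject callbacks whose state does not match the one this session issued."""
    if not session_state or not returned_state:
        return False
    return hmac.compare_digest(session_state.encode(), returned_state.encode())


class ToyAuthServer:
    """Hypothetical in-memory stand-in for the authorization server."""

    def __init__(self) -> None:
        self._challenges = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str) -> str:
        code = b64url(secrets.token_bytes(16))
        self._challenges[code] = code_challenge
        return code

    def redeem(self, code: str, code_verifier: str) -> bool:
        """Token endpoint check: the code is single-use and bound to the verifier."""
        challenge = self._challenges.pop(code, None)
        if challenge is None:
            return False
        return hmac.compare_digest(s256_challenge(code_verifier), challenge)
```

A party that only observes the authorization code cannot redeem it, because the token request must also carry the verifier that hashes to the stored challenge.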
Edge infrastructure
WandStore runs on Cloudflare’s global edge network, which provides:
- Global distribution — Data is processed at the edge server nearest to the customer, minimizing data travel.
- DDoS protection — Built-in protection against denial-of-service attacks.
- SOC 2 compliance — Cloudflare maintains SOC 2 Type II certification for its infrastructure.
Data minimization
WandStore follows the principle of data minimization and avoids collecting data that is not needed for product functionality:
- No tracking cookies — WandStore does not place tracking cookies or use fingerprinting.
- No behavioral tracking — WandStore does not track page views, clicks, or browsing behavior. It relies solely on Shopify purchase history.
- No third-party sharing — Customer data is not shared with advertising networks, analytics providers, or data brokers.
- Limited-purpose storage — Cached personalized storefront content and related customer data are stored only to support product features, merchant workflows, and deletion/compliance obligations.
Suggested privacy policy language
Merchants using WandStore may want to add language like this to their store’s privacy policy:
We use WandStore to personalize the shopping experience for eligible signed-in customers. When you sign in, WandStore uses Shopify customer and order data, along with store product and brand settings, to generate personalized storefront content. WandStore does not use payment information, passwords, phone numbers, or browsing-history tracking for this personalization. Personalized storefront content may be cached to improve performance and can be refreshed or removed as store data changes.
Compliance
For specific regulatory compliance information:
- GDPR Compliance — European data protection
- Data Usage — Complete data usage breakdown