Protected Customer Data Access

Review evidence prepared: July 10, 2026

Gradient Smart Discount requests only Shopify's base protected customer data access because its core inventory analysis depends on order and order-line history. It does not request the optional Name, Email, Phone, or Address fields.

Access request

  • Requested: base protected customer data for app functionality and analytics.
  • Shopify OAuth scope: read_orders.
  • Not requested: customer Name, Email, Phone, and Address fields.
  • Analytics: merchant-facing sales and campaign analytics calculated by Gradient, not third-party advertising or tracking analytics.

Partner Dashboard evidence

These screenshots show the protected-data request reasons and that all four optional customer-identifying fields remain unselected.

Shopify Partner Dashboard showing protected customer data requested for app functionality and analytics, with optional customer fields not selected
Base protected-data request and its declared purposes.
Shopify Partner Dashboard showing Name, Email, Phone, and Address as unselected optional protected customer fields
Name, Email, Phone, and Address are not requested.

Specific functionality requiring this access

Gradient reads the merchant's previous 60 days of order data to retrieve order identifiers and timestamps, line-item and variant identifiers, quantities, current quantities, refunds, discount allocations, and monetary totals. It aggregates those values per variant to:

  • calculate sales velocity and sell-through;
  • classify products as Fast, Normal, Slow, or Insufficient Data;
  • identify slow-moving inventory for merchant review;
  • evaluate progress during controlled markdown campaigns; and
  • produce campaign sales, revenue, and refund reporting.

These functions cannot be calculated from product and inventory data alone. Order-line history is the minimum data needed to know whether inventory is selling, how quickly it is selling, and whether a campaign is meeting the merchant's selected goal.

Data minimization

Gradient does not request, read, or store:

  • customer names, email addresses, phone numbers, or addresses;
  • payment information or customer account records;
  • customer profiles or a local customer model; or
  • storefront browsing behavior.

Stored order-line snapshots contain operational identifiers, quantities, refund quantities, monetary values, currency, discount allocations, and Shopify timestamps. They do not contain customer identity fields.

Data protection

  • Data is isolated by the authenticated Shopify shop.
  • Shopify API traffic uses HTTPS/TLS.
  • Production PostgreSQL data and backups are encrypted at rest.
  • Shopify access tokens are encrypted at rest using AES-256-GCM.
  • A verified shop/redact webhook triggers deletion of the shop's identifiable data.
  • Gradient does not sell or share this data with advertisers, analytics providers, or data brokers.