Protected Customer Data Access
Review evidence prepared: July 10, 2026
Gradient Smart Discount requests only Shopify's base protected customer data access because its core inventory analysis depends on order and order-line history. It does not request the optional Name, Email, Phone, or Address fields.
Access request
- Requested: base protected customer data for app functionality and analytics.
- Shopify OAuth scope:
read_orders. - Not requested: customer Name, Email, Phone, and Address fields.
- Analytics: merchant-facing sales and campaign analytics calculated by Gradient, not third-party advertising or tracking analytics.
Partner Dashboard evidence
These screenshots show the protected-data request reasons and that all four optional customer-identifying fields remain unselected.


Specific functionality requiring this access
Gradient reads the merchant's previous 60 days of order data to retrieve order identifiers and timestamps, line-item and variant identifiers, quantities, current quantities, refunds, discount allocations, and monetary totals. It aggregates those values per variant to:
- calculate sales velocity and sell-through;
- classify products as Fast, Normal, Slow, or Insufficient Data;
- identify slow-moving inventory for merchant review;
- evaluate progress during controlled markdown campaigns; and
- produce campaign sales, revenue, and refund reporting.
These functions cannot be calculated from product and inventory data alone. Order-line history is the minimum data needed to know whether inventory is selling, how quickly it is selling, and whether a campaign is meeting the merchant's selected goal.
Data minimization
Gradient does not request, read, or store:
- customer names, email addresses, phone numbers, or addresses;
- payment information or customer account records;
- customer profiles or a local customer model; or
- storefront browsing behavior.
Stored order-line snapshots contain operational identifiers, quantities, refund quantities, monetary values, currency, discount allocations, and Shopify timestamps. They do not contain customer identity fields.
Data protection
- Data is isolated by the authenticated Shopify shop.
- Shopify API traffic uses HTTPS/TLS.
- Production PostgreSQL data and backups are encrypted at rest.
- Shopify access tokens are encrypted at rest using AES-256-GCM.
- A verified
shop/redactwebhook triggers deletion of the shop's identifiable data. - Gradient does not sell or share this data with advertisers, analytics providers, or data brokers.