Trust & Security

Trust, Privacy & Security at Nugglets

How Nugglets handles your store, order, and customer-related data, and the controls you have over your connection.

Last updated: June 14, 2026 · Applies to nugglets.com and the Nugglets ecommerce platform.

Plain-English summary: Nugglets is a dashboard you connect your store to. We use your store data only to run the features you choose, we ask for the least access needed, and you can disconnect or request deletion at any time.

1. How Nugglets uses store data

When you connect a store, Nugglets accesses only the information needed to provide the features you use, such as:

Store sales and order totals
Product names, SKUs, pricing, and inventory levels
Order and fulfillment status
Refund and return information
Store analytics and profit calculations
Connected-store settings required for the dashboard

Nugglets does not sell merchant data or customer data.

Nugglets does not use store data for advertising purposes.

Nugglets only uses connected-store data to provide, improve, secure, and support the platform.

2. Data minimization

We request the minimum amount of access needed for the Nugglets features you choose to use. Our Shopify connection is read-only and limited to orders, products, inventory, and locations. We do not request customer names, addresses, phone numbers, or emails unless a feature genuinely requires them, and we never request payment card details.

3. Security practices

These are the safeguards we have in place today:

✓

HTTPS everywhere. The website and app are served over encrypted HTTPS connections.

✓

Encrypted access tokens. Shopify access tokens are encrypted at rest and only decrypted in memory when needed.

✓

Secure OAuth flow. Connections use Shopify's official authorization with a signed, expiring, account-bound state check.

✓

Tokens never reach the browser. Access tokens live server-side and are never exposed in frontend code or responses.

✓

Verified webhooks. Every Shopify webhook is checked with an HMAC signature before it is processed; invalid requests are rejected.

✓

Least-privilege scopes. We request only read-only access to the data the dashboard needs.

✓

Role-based access. Access to account features is controlled by roles and permissions within each workspace.

✓

Access removed on disconnect. When you disconnect a store or it is uninstalled, the stored access token is cleared.

✓

Privacy webhooks honored. We process Shopify's data-request, customer-redact, and shop-redact webhooks.

✓

Payments handled by Stripe. Card payments are processed by Stripe; Nugglets never stores your full card number.

✓

Regular backups. Account data is backed up so it can be restored if something goes wrong.

✓

Logging and dependency updates. Sensitive actions are logged, and we keep dependencies updated for security fixes.

4. Merchant control

You control your connection. You can disconnect a store, request account deletion, or ask questions about your data at any time.

View Privacy Policy View Terms of Service View Data Processing Addendum Request Data Deletion Contact Privacy Support

5. What we access from Shopify

Before any data flows, you review and approve the exact permissions on Shopify's own authorization screen. Nugglets requests read-only access to:

Store performance data — orders, sales, refunds, and fulfillment status, to calculate revenue and profit.
Product and inventory data — products, variants, SKUs, pricing, and inventory levels, to show your catalog and stock.
Analytics data — store-level metrics needed for profit tracking and reporting.
Customer information — only when a specific feature genuinely requires it. We avoid collecting customer names, emails, phone numbers, and addresses unless necessary.

You stay in control: you will always see Shopify's official permission screen before approving access, and you can disconnect at any time.

6. Common questions

Does Nugglets sell my data?

No. Nugglets does not sell merchant data or customer data, and does not use your store data for advertising. We use connected-store data only to provide, improve, secure, and support the Nugglets platform.

Can Nugglets change or place orders in my store?

No. The Shopify connection is read-only. Nugglets reads orders, products, inventory, and locations to power your dashboard; it does not edit your store.

What happens when I disconnect?

Disconnecting clears the stored access token so Nugglets can no longer reach your store. You can also request deletion of your Nugglets account and data at any time.

How do I request my data or a deletion?

Use the data request page to request access, correction, deletion, or to disconnect a store. To protect accounts, we may verify ownership before processing a request.