Last updated: July 10, 2026
This policy describes how Talivio Technology OÜ, the operator of CreditOps, protects the personal data (customer name and email) that the app processes, and what we do if a security incident affects it. It supplements our Privacy Policy.
CreditOps is operated by a single-person team. This policy is intentionally sized to that reality: it is a concrete, followable process rather than a framework built for a larger organization. It covers the production server, database, and source code repository that store or process merchant and customer data on our behalf.
| Control | Status |
|---|---|
| All traffic encrypted in transit (HTTPS/TLS) | In place |
| Access to the production server and database limited to the operator | In place |
| Access logging for reads of customer name/email (sync and lookup operations) | In place — see Privacy Policy |
| Retention limits and deletion jobs tied to Shopify's mandatory GDPR webhooks | In place — see Privacy Policy |
| Customer name/email encrypted at rest in the database (AES-256) | In place |
| Nightly database backups, encrypted (AES-256), 30-day retention | In place |
| Formal password-manager / MFA policy for operator accounts | Not yet formalized |
We disclose gaps here rather than overstate our posture; merchants evaluating the app should weigh this against the sensitivity of the data involved (store credit balances and customer name/email — no payment card data, and no data beyond what Shopify itself already holds).
Any event that risks the confidentiality, integrity, or availability of the data in section 2 — for example, unauthorized access to the production server or database, a leaked or compromised Shopify access token, loss of a device with access to production systems, or a vulnerability that could have been exploited to read or alter merchant or customer data.
If you believe you've found a security vulnerability in CreditOps, please report it to [email protected]. We ask that you give us a reasonable opportunity to investigate and address a report before disclosing it publicly, and that you don't access, modify, or delete data that isn't yours while investigating.
Talivio Technology OÜ (registry code 16991406), Ahtri tn 12, Kesklinna linnaosa, Tallinn, Harju maakond, 15551, Estonia — [email protected].