FanDX Shop Privacy Policy
Last updated: June 19, 2026
FanDX Shop is a Shopify application that connects Shopify stores to Discord communities. This policy explains what information we collect, how we use it, and your rights.
1. Who This Covers
This policy covers two groups:
- Merchants: Shopify store owners who install FanDX Shop
- Discord members: fans and customers who interact with the bot in a connected server
2. Information We Collect
From merchants
When you install and connect your store, we collect and store:
- Shopify store domain, shop ID, store name, contact email, description, and currency
- Shopify API credentials (admin access token, storefront access token), stored encrypted
- Customer Account API client credentials, if you configure account linking, stored encrypted
- Your Discord server ID
- Configuration you set in the bot: admin roles, announcement channels, hub message location
From Discord members
When you interact with the bot, we may collect:
- Discord user ID
- Shopify Customer ID, only set if you voluntarily link your Shopify account
- OAuth tokens for the Shopify Customer Account API, stored encrypted, used to maintain your session and fetch order history
- Wishlist items (product and variant IDs you save)
- Cart contents (products and quantities added while browsing)
- Order history: order IDs, amounts, and fulfillment status, read from Shopify to power order notifications and milestone tracking
- Drop and price-drop alert preferences
- Discount codes issued to you based on your Discord roles
We do not collect names, email addresses, payment details, or shipping addresses from Discord members. Any personal information entered during Shopify checkout is handled directly by Shopify under their own privacy policy.
3. How We Use Your Information
We use the information above to:
- Connect your Shopify store to your Discord server and keep the integration running
- Display your product catalog, inventory, and pricing to Discord members
- Allow members to browse products and proceed to checkout on your Shopify storefront
- Send Discord notifications for new product drops, price changes, and order fulfillment updates
- Issue role-based discount codes to eligible members
- Grant Discord roles based on order milestones (spend thresholds, order counts)
- Respond to data requests and deletion requests as required under GDPR
We do not use your data for advertising or profiling, and we do not sell it to any third party.
4. Data Storage and Security
- All Shopify API tokens and Customer Account API credentials are encrypted at rest using AES-256-GCM
- Our service is hosted on Railway and served exclusively over HTTPS
- OAuth state tokens are short-lived (10 to 60 minutes) and deleted immediately after use
- All incoming Shopify webhooks are verified using HMAC-SHA256 signatures before processing
5. Data Sharing
We share data only as necessary to operate the service:
- Shopify: we call the Shopify Admin API, Storefront API, and Customer Account API on the merchant's behalf to read store and order data
- Discord: we use the Discord API to send messages, post notifications, and manage roles in connected servers
- Railway: our infrastructure provider; data is stored on their platform
We do not sell, rent, or share personal data with any other third parties.
6. Data Retention
- Merchant data is kept while the app is installed. When you uninstall FanDX Shop, all store configuration and associated Discord member data are deleted. Shopify's shop/redact webhook, sent 48 hours after uninstall, triggers a final deletion sweep.
- Discord member data is retained while the app is active on the associated server. If a customer submits a deletion request, all records linked to that customer (linked account, wishlist, cart, order events, discount codes, milestone roles) are deleted in response to Shopify's customers/redact webhook.
- OAuth tokens are refreshed automatically while active and deleted when a member unlinks their account or their data is redacted.
7. Your Rights
Discord members
- You may unlink your Shopify account at any time using the Account button in the bot hub
- You may request deletion of your data by contacting us directly or submitting a request through the merchant's Shopify store
Merchants
- You may uninstall the app at any time from your Shopify admin, which triggers deletion of all associated data
- You may contact us with questions about data we hold
European Economic Area
If you are in the European Economic Area, you have the right to access, correct, and erase personal data we hold, and to restrict or object to its processing. Contact us at the address below to exercise these rights.
8. Children's Privacy
FanDX Shop is not directed at children under 13 and we do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this policy occasionally. When we do, we will revise the "Last updated" date above. Continued use of FanDX Shop after changes take effect constitutes acceptance of the updated policy.
10. Contact
For privacy questions, data access requests, or deletion requests:
FanDX
accounts@fandx.io