Privacy Policy — Customer Risk Register

Effective 22 June 2026

Customer Risk Register (“the App”, “we”, “us”) is a Shopify app that helps merchants flag problem customers and alert their staff when a flagged customer places an order. This policy explains what personal data the App processes, why, and how it is protected. For any privacy question, contact us at support@blacklistcustomer.com.

Our role

The App acts as a data processor on behalf of the Shopify merchant who installs it (the data controller). We process personal data only to provide the App’s functionality to that merchant and on their instructions.

What data we process

• Customer fields from orders — when an order is placed, we read the customer’s name, email address, phone number, and billing/shipping address from the Shopify Admin API in order to compare them against the merchant’s risk register.
• Risk register entries — the merchant’s staff manually enter names, emails, phone numbers, addresses, reason notes, severity, and incident history for customers they wish to flag.
• Shop and staff identifiers — the shop domain and the staff email associated with an action, used for audit logging.

Why we process it

The sole purpose is fraud and risk prevention: matching an incoming order against the merchant’s risk register and alerting the merchant’s staff. The App is alert-only. It never blocks, cancels, holds, or modifies an order. All decisions are made by the merchant’s staff — the App performs no automated decision-making with legal or similarly significant effects. We do not use personal data for marketing and we never sell personal data.

Sub-processors

• Railway — application hosting.
• Neon — PostgreSQL database (data stored in AWS, Asia Pacific / Sydney region).
• Resend — transactional email delivery, used only to send alert emails for merchants on plans that include email alerts.

Data retention

Risk register entries are retained only while they are useful to the merchant: until the merchant deletes the entry or uninstalls the App. We do not keep personal data longer than needed for the purpose above. When the App is uninstalled or a shop-redaction request is received, all of that shop’s data is deleted. Customer-redaction requests are honoured by removing the matching customer’s personal data. These deletions are processed via Shopify’s mandatory compliance webhooks (shop/redact, customers/redact, customers/data_request) within 30 days.

Security

• Personal data is encrypted in transit (TLS) and at rest.
• Database backups are encrypted.
• Test and production data are kept separate.
• Staff access to personal data is limited and protected by strong passwords.
• Access to personal data is logged.
• We maintain a security incident response policy.

Data subject rights

Because we act on behalf of the merchant, requests to access, correct, or delete personal data should be directed to the merchant who operates the store. We will assist the merchant in fulfilling such requests, including via Shopify’s data-request and redaction webhooks.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above.

Contact

Questions about this policy or our data practices: support@blacklistcustomer.com.