Limited Shopify permissions
Valyn is built around read-focused order access needed for order support automation and does not modify orders.
Token and credential handling
Shopify access tokens are stored server-side. SMTP passwords are encrypted at rest with AES-256-GCM before storage.
Access control
Internal dashboard APIs require Shopify App Bridge session tokens signed for the installed app.
Logging
Valyn logs inbound email processing outcomes, reply status, order matches, and errors so merchants can review automated behavior.
Data retention
Inbound MIME files expire from S3 after 30 days. Shop-level data is deleted through Shopify redaction workflows after uninstall.
Incident contact
Security questions can be sent to support@getvalyn.com.
No unnecessary order modification
The product is designed to read order data for support replies, not modify store orders or fulfillment state.