Tacit Agent Guard Privacy Policy
This policy explains how TACIT processes data through Tacit Agent Guard. The app connects approved external agents to Shopify product operations that a merchant can review, approve, audit, and roll back from Shopify Admin.
Data we process
- Shop installation data: shop domain, installed app identity, granted scopes, installation timestamps, and encrypted Shopify Admin access token metadata.
- Product operation data: product IDs, titles, statuses, descriptions, SEO fields, update timestamps, preview diffs, audit records, and rollback metadata for product commands run through the app.
- Agent connection data: merchant-created agent labels, command scopes, token prefixes, token hashes, expiration timestamps, last-used timestamps, and revocation timestamps. We do not store plaintext agent tokens after creation.
- Approval data: one-time approval token prefixes and hashes, command names, exact argument hashes, preview hashes, source product timestamps, expiration, use, and revocation timestamps.
- Operational data: request IDs, redacted logs, webhook delivery metadata, retry state, GraphQL throttle metadata, billing subscription lifecycle snapshots, and safety policy settings.
Data we do not process in v1
The v1 app is limited to product operations and uses the Shopify scopes read_products and write_products. It does not request customer, order, fulfillment, refund, gift card, discount, checkout, web pixel, or theme scopes. The app does not intentionally store protected customer data in v1.
How we use data
- Authenticate the installed Shopify shop and embedded App Home session.
- Let merchants create, scope, revoke, and audit external agent connections.
- Let agents preview supported product commands and apply only merchant-approved write payloads.
- Provide billing, security controls, audit records, rollback records, support, and abuse prevention.
- Receive and process Shopify compliance, uninstall, and subscription webhooks.
Sharing and subprocessors
We use Shopify APIs to provide the app. Hosted production deployments can use infrastructure providers for web hosting, Postgres database storage, logging, monitoring, and email support. We do not sell merchant or buyer personal data. We do not use off-platform billing for App Store charges.
Security
Shopify Admin tokens are encrypted at rest with a dedicated encryption key. Agent and approval tokens are stored as hashes only. Logs are structured and redacted to avoid storing access tokens, bearer tokens, authorization headers, and secret-like values.
Retention and deletion
While the app is installed, operational records are retained to provide audit, rollback, billing, security, and support functions. Routine webhook receipts, stale rate-limit buckets, stale GraphQL throttle snapshots, expired or revoked agent connections, expired or used approval tokens, expired OAuth authorization codes, and stale dynamic OAuth client registrations can be pruned after the configured retention window when they are no longer needed for active processing or security follow-up. Audit records, rollback records, billing state, current policies, and installed-shop tokens are retained while needed for service continuity, merchant-visible accountability, dispute handling, security, or legal compliance. When the app receives Shopify's app/uninstalled webhook, stored token access is disabled. When Shopify sends shop/redact, per-shop tokens, policy, agent connection records, approvals, billing snapshots, webhook records, audit records, and rollback records are purged. Production logging and monitoring must be configured so routine operational logs are retained for no more than 30 days unless a longer period is required for security, abuse prevention, legal compliance, or dispute handling.
Customer data requests
Because v1 does not intentionally store protected customer data, customers/data_request and customers/redact webhooks are acknowledged as no-data actions. If future versions request customer-data scopes, this policy and the app's data export/deletion workflows must be updated before release.
Contact
For privacy questions or deletion requests, contact support@tacitproject.hu.