Security & data access
When you install Trade Account Checkout, Shopify's screen lists categories like customer name, email, and address. That's standard wording for any app that receives order data. In practice this app requests a single permission — write_orders — reads only three things, and stores no customer data at all. It's a field-capture checkout extension, not a payment method.
Requires Shopify Plus · Free plan available
Quick answer
Trade Account Checkout requests one Shopify permission — write_orders — and stores only your shop domain, the order ID, and the trade-account number your customer typed at checkout. It never reads or stores customer names, emails, phone numbers, addresses, or payment card data, even though Shopify's permission screen lists those categories. It is a field-capture checkout extension, not a payment method or gateway. Uninstall, and every record keyed to your shop is deleted within 48 hours.
The permission screen
Shopify describes what an app could receive in the order payload — not what it actually reads. Trade Account Checkout receives the order webhook, then ignores everything except the three fields it needs.
Because the app receives the orders/create webhook, Shopify's summary lists customer name, email address, shipping address, and order details — the standard categories for any app that touches an order. This is wording about the payload, not a description of what the app stores.
The app extracts only the order ID, the shop domain, and the trade-account note attribute the customer entered. The customer name, email, and address in the same payload are never read, stored, or processed. They pass through Shopify untouched.
Permissions in plain English
write_ordersThat single permission does two things, both about the order — never about your customers.
Read the order to find the trade-account number the customer typed into the checkout field, and write back to that same order: the auto-tag (so you can filter trade orders) and the metafield (so the number is pinned and visible to your team).
What it does not request: no read_customers, no read_products, no analytics scopes, no access to stores that haven't installed it. If a permission isn't needed to capture and pin a field, the app doesn't ask for it.
What's in our database
The app's database holds shop-level configuration only. Nothing that identifies one of your customers ever lands in it.
Your shop domain, your saved checkout-field configuration, your monthly trade-order count (to enforce plan limits), and an OAuth session scoped to write_orders. The trade-account number itself lives on the order inside your Shopify, as a metafield.
Customer names, emails, phone numbers, or addresses. Payment card data. Browsing or behavioural analytics. Tracking pixels. Any data from stores that haven't installed the app. None of it is collected, and none of it is shared.
Where the data lives
The number the app captures is written back to the order as a tag and a pinned metafield — inside your own store, under your control, exportable and deletable like any order data.
Tags — auto-applied at checkout
trade-accountMetafields — pinned, visible to your team
Hosting & sharing
Data is shared with exactly two parties, both required to run the app.
Shopify — to authenticate requests, write the tag and metafield, and process subscription billing. Fly.io — our hosting provider, which stores the app's database encrypted at rest in the United States.
We do not sell or rent any data, and we use no third-party analytics, advertising networks, or tracking pixels. Full detail is in the Privacy Policy.
Uninstall & deletion
Deletion is automatic and complete, and we honour Shopify's mandatory privacy webhooks.
Remove the app from Settings → Apps in your Shopify admin. Access is revoked immediately.
48 hours later, Shopify sends the mandatory shop/redact webhook to the app.
Configuration, all field configurations, order-usage counts, and the OAuth session — all wiped.
The other two mandatory webhooks: customers/data_request is logged and we respond to you directly — in practice never needed, because no customer data is stored. customers/redact is a no-op for the same reason: there is no customer-identified data to erase.
FAQ
What merchants ask before clicking install.
Shopify's install screen lists every category contained in the data an app could technically receive. Trade Account Checkout receives the orders/create webhook, whose payload includes customer name, email, and shipping address. The app only reads the order ID, the shop domain, and the trade-account note attribute the customer typed at checkout — it does not read, store, or process the customer fields, even though they appear in the permission summary.
No. The app does not store customer names, emails, phone numbers, addresses, or payment card data. It stores only your shop domain, your field configuration, your monthly order count, and an OAuth session — none of which identifies a customer.
A single scope: write_orders. That lets the app read an order to find the trade-account number the customer entered, then write the auto-tag and the order metafield back to that order. It does not request read_customers, read_products, or any other scope.
No. Trade Account Checkout is a field-capture checkout UI extension, not a payment method, processor, or gateway. It never touches payment card data. Cards are handled entirely by Shopify's own payment system, exactly as before the app was installed.
The app's database is hosted in the United States on Fly.io and encrypted at rest. Data is shared only with Shopify (to authenticate requests and write metafields) and Fly.io (hosting). There are no third-party analytics, advertising networks, or tracking pixels.
When you uninstall, Shopify fires the shop/redact webhook 48 hours later and every row keyed to your shop domain is deleted — your saved configuration, all checkout-field configurations, your order-usage counts, and the OAuth session. You can also email support@tradeaccount.app for immediate deletion.
One permission, no customer data stored, deleted within 48 hours of uninstall. Add trade-account capture to your Shopify Plus checkout today.
Install on Shopify