# Shopify data security Littledata takes security for our customer's data seriously, and along with our [data security policy](https://docs.google.com/document/d/1wyyWTVPrXVtG4hjn5-Q_K_UNK5t29sMNtoBnqev4cYg), this guide will help you understand what we do and do not track. ### Data processing overview ![Littledata AWS infrastructure](https://res.cloudinary.com/littledata/w_1024,h_524,c_fit/littledata-blog-images/2021/07/Shopify-data-processing-2021-Full-status-now.png) Littledata's systems, hosted in AWS US-East-1, accept webhooks and API responses from Shopify (all using SSL) and process the data for forwarding to data destinations (Google Analytics or Segment). The data never leaves the USA. All access to Littledata's secure systems is limited to a handful of senior full-time employees, on a least privilege basis, using multi-factor authentication. Our tracking script also tracks some pseudo-anonymous fields from the end user's browser and stores them temporarily in the cloud for use in this event processing. ### Customer data processed Our policy is to store and process as little personally identifiable (PII) data as possible, and the specifics of how we handle PII fields is below. We also store non-PII data in our MongoDB instance, for up to 2 months after the event, to use in refunds and error investigation. All data is encrypted in transit and at rest | Data field | Received by Littledata | Temporary storage \* | Relayed to Google | Relayed to Segment | Relayed to Facebook \*\* | Relayed to Pinterest | Relayed to TikTok | Relayed to Klaviyo | | ----------------------------------------------------------- | ---------------------- | -------------------- | ----------------- | ------------------ | ------------------------ | -------------------- | ----------------- | ------------------ | | Payment information | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | | Physical address | ✔ | ✔ | ❌ | ✔ | ✔ | ✔ | ✔ | ✔ | | Email address | ✔ | ✔ | ❌ | ✔ | ✔ | ✔ | ✔ | ✔ | | Customer name | ✔ | ❌ | ❌ | ✔ | ✔ | ✔ | ✔ | ✔ | | Partial IP address \*\*\* | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | Platform specific client ID \*\*\*\* | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | Shopify customer number | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | Contents of the shopping cart (item name, sku and quantity) | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | | Phone Number | ✔ | ✔ | ❌ | ✔ | ✔ | ✔ | ✔ | ✔ | * We store some fields for up to a month for reuse with other events for the same customer. Any fields not specified here are not stored. These fields are not stored with any other data which could be used to infer the customer. \*\* All data relayed to Facebook is hashed. \*\*\* Last octet is anonymized \*\*\*\* GA client ID / Segment Anonymous ID / fbp / fbc --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.littledata.io/advanced/developer/shopify-data-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.