FairGate ← Back to home

Privacy Policy

Last updated: June 24, 2026

FairGate (“FairGate”, “the app”, “we”, “us”) is a Shopify app that helps merchants block unwanted, fake, or abusive checkout attempts using a merchant-defined blocklist. This policy explains what data the app handles, how it is used, and the choices available to merchants and their customers.

1. Who this policy is for

This policy applies to merchants who install FairGate on their Shopify store and to the buyers who interact with those stores at checkout. FairGate is installed by the merchant, and the merchant is the controller of any personal data they choose to add to their blocklist.

2. Information we collect

We keep data collection to the minimum needed to run the blocklist. Specifically:

3. Buyer data at checkout

FairGate enforces the blocklist through a native Shopify Cart and Checkout Validation Function that runs inside Shopify’s sandboxed environment. During a checkout, the function reads only the minimal fields needed to evaluate the blocklist (such as the buyer’s email, phone, and shipping/billing address) and compares them against the published blocklist.

This evaluation happens entirely within Shopify. The function does not send buyer data to FairGate servers, does not call any external service, and does not store buyer checkout information in our database. If a match is found, the buyer sees a single generic message and the specific reason is never revealed to them. If the configuration is missing, disabled, or malformed, the function fails open and allows the checkout to proceed.

4. How we use information

We do not sell personal data, and we do not use buyer or blocklist data for advertising or profiling.

5. Sharing and sub-processors

We use a small number of service providers to run the app, and we share data with them only as needed to provide the service:

We may also disclose information if required by law or to protect the rights, safety, and security of our users and the service.

6. Data retention and deletion

Your blocklist, settings, and audit history are retained while the app is installed. You can edit or delete blocklist entries at any time from the app. We honor Shopify’s mandatory data-protection (GDPR) webhooks, with verified authenticity (HMAC), as follows:

None of these handlers log buyer personal data — only the store domain, the webhook topic and id, and counts.

7. Merchant responsibilities

As the merchant, you decide which values to add to your blocklist. You are responsible for ensuring you have a lawful basis to store and process any personal data you enter, and for honoring your own customers’ privacy rights under applicable laws such as the GDPR and CCPA. Keyword-based address matching can produce false positives, so review your entries carefully.

8. Security

Data is transmitted over encrypted connections (HTTPS) and stored with our hosting and database providers under their security controls. No method of transmission or storage is completely secure, but we work to protect your information using reasonable safeguards.

9. Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be reflected here, and your continued use of the app after an update constitutes acceptance of the revised policy.

10. Contact us

If you have questions about this policy or how your data is handled, contact us at info@fairgate.app.