Locksmith only accesses what it needs to, and only stores on its servers what it must. We work hard to make securing your content easy, while keeping our systems safe and efficient in the process.
This document contains a summary of what data Locksmith accesses and why, and concludes with a summary of what data Locksmith does and doesn't keep on its servers.
Accessing your Shopify data
When you install Locksmith for the first time, you'll see a prompt from Shopify that looks like this:
If your shop has been around for a while, you may instead see a screen like this:
Here's what Locksmith does with each of these access items:
See products (and collections)
Locksmith uses this access to scan for collections and products when you create new locks. It also uses this access to construct code for your theme that activates when a customer is viewing a particular collection or product, enabling Locksmith to protect those resources if they're locked.
Older versions of Locksmith (v1 and v2) also request permission to manage products, not just see them. In those versions, this access is used to store information about product and collection locks on the products and collections themselves. Modern versions of Locksmith no longer operate this way, and as such no longer require or request these permissions.
This is used for many things:
- The "Customers" tab, which allows you to create new customers (one at a time or in bulk), search for existing customers, and update customer tags
- Customer auto-tagging (available for some keys)
- Remembering access for returning customers (available for some keys, i.e. remembering when a returning customer has previously entered a passcode correctly)
- Associating subscriptions with a customer
Manage your Online Store (including themes and pages)
Locksmith deeply integrates with your shop's theme to ensure your content is secured across all areas. To do this, it inserts its code into your theme's Liquid files, as necessary.
Access to pages is used in a similar fashion as access to products - see the description of product access above for details.
Storing your Shopify data
What Locksmith stores
- We keep a copy of your shop's basic details (name, domain name, owner name, email address, Shopify account type, etc) for basic bookkeeping and customer support management.
- Lock and key configuration is stored exclusively on Locksmith's servers. This configuration is used to generate code to be inserted into your shop's theme (see "Manage your Online Store", above), but the configuration itself is stored on our end.
- We may store temporary copies of your theme's files, to make any updates to those files as fast as possible.
- For content protected by server keys in version v5 and later, we may store a temporary copy of the content as viewed by the visitor. This content is never transmitted unencrypted. The temporary copy expires automatically, and is used only to speed up the visitor experience.
These are the highlights, but is not a fully exhaustive list. Locksmith is a large application. :) If you have any specific questions, always feel free to get in touch.
What Locksmith doesn't store
- We do not store any of your customer data. While we may access a customer's account for purposes of applying tags or internal flags ("metafields", technically), or for debugging purposes, no customer data is stored on Locksmith's servers.
- We do not store any of your shop's order data. We only access your order data if you've configured customer subscriptions, and even then, only do so to create customer orders to correspond with subscription charges.
As with the previous list, this is not exhaustive. Defining a negative is hard. :D
Broadly, we don't store more than what's reasonable and required. We've earned the trust of thousands of merchants by working hard with you and for you, with strong and always-present ethics. If you've got any questions, please let us know. :)