Safeguards

Security Practices

Perkli's security program is designed around minimum data access, auditable ledger integrity, and Shopify protected customer data readiness.

Last updated: July 15, 2026

Data minimization

Perkli limits protected customer data access to the fields and API resources needed for app functionality, analytics, support, security, and compliance.

Customer wallet balances are ledger-backed so merchants can understand why balances changed without broadening the data footprint.

Encryption

Perkli uses HTTPS/TLS for data in transit and infrastructure-level encryption at rest where supported by hosting, database, backup, and storage providers.

Production secrets must be stored in managed environment-variable systems and must not be committed to source control.

Access controls

Production access is limited to authorized personnel with a business need and should use strong passwords, multi-factor authentication where available, least privilege, and offboarding controls.

Administrative access to systems that process customer personal data should be logged and reviewed for operational and security purposes.

Environment separation

Perkli keeps development, test, and production environments separate and avoids using production customer personal data in test workflows unless strictly necessary and appropriately protected.

Dev-store testing should use test data whenever possible.

Backups and loss prevention

Perkli's production database and infrastructure providers are expected to support encrypted backups, retention windows, restore testing, and access controls.

Operational practices should include data-loss prevention through access limitation, secrets management, code review, dependency updates, monitoring, and incident response.

Incident response

Perkli maintains an incident-response process for identifying, triaging, containing, investigating, remediating, and communicating security incidents.

When a security incident affects personal data, Perkli will notify impacted merchants and other parties as required by applicable law, agreement, and Shopify requirements.

Questions about this page? Contact Perkli privacy support.