Safeguards
Security Practices
Perkli's security program is designed around minimum data access, auditable ledger integrity, and Shopify protected customer data readiness.
Last updated: July 15, 2026
Data minimization
Perkli limits protected customer data access to the fields and API resources needed for app functionality, analytics, support, security, and compliance.
Customer wallet balances are ledger-backed so merchants can understand why balances changed without broadening the data footprint.
Encryption
Perkli uses HTTPS/TLS for data in transit and infrastructure-level encryption at rest where supported by hosting, database, backup, and storage providers.
Production secrets must be stored in managed environment-variable systems and must not be committed to source control.
Access controls
Production access is limited to authorized personnel with a business need and should use strong passwords, multi-factor authentication where available, least privilege, and offboarding controls.
Administrative access to systems that process customer personal data should be logged and reviewed for operational and security purposes.
Environment separation
Perkli keeps development, test, and production environments separate and avoids using production customer personal data in test workflows unless strictly necessary and appropriately protected.
Dev-store testing should use test data whenever possible.
Backups and loss prevention
Perkli's production database and infrastructure providers are expected to support encrypted backups, retention windows, restore testing, and access controls.
Operational practices should include data-loss prevention through access limitation, secrets management, code review, dependency updates, monitoring, and incident response.
Incident response
Perkli maintains an incident-response process for identifying, triaging, containing, investigating, remediating, and communicating security incidents.
When a security incident affects personal data, Perkli will notify impacted merchants and other parties as required by applicable law, agreement, and Shopify requirements.