Privacy Policy — FraudBlock
Last updated: May 25, 2026
FraudBlock ("the App"), provided by ModernWeb.tech ("we", "us", "our"), helps Shopify merchants automatically cancel and refund orders flagged as high risk by Shopify's risk engine. This Privacy Policy describes what data the App accesses, how it is used, and merchants' and customers' rights.
1. Data We Collect
When a merchant installs the App, we receive and store:
- Shop identifier — the merchant's *.myshopify.com domain, plan tier, and Shopify-provided access tokens, used to authenticate API requests.
- Order data — for each order evaluated by the App, we read the order ID, order number, total price, currency, and Shopify's risk-assessment result (risk level and reasons).
- Customer name and email — read from the order so the merchant can identify which customer's order was cancelled in the audit log, and so Shopify's standard cancellation email reaches the right address.
- Merchant settings — the risk threshold, restock preference, customer whitelist, and notification toggles configured by the merchant in the App admin.
- Subscription data — plan tier (Free / Starter / Growth / Unlimited), subscription status, and Shopify-issued subscription IDs.
We do not collect customer phone numbers, shipping or billing addresses, payment details, IP addresses, or device fingerprints. The App never sees, stores, or transmits cardholder data.
2. How We Use the Data
- To read Shopify's risk score for new orders and compare against the merchant's configured threshold.
- To automatically cancel and refund orders that meet the merchant's risk criteria, via Shopify's orderCancel mutation.
- To trigger Shopify's standard cancellation notification email (sent by Shopify, not by us) so the customer is informed.
- To display a list of cancelled orders in the App admin so the merchant can audit fraud-prevention activity.
- To honor the merchant-configured customer whitelist, exempting listed customers from fraud checks.
- To enforce plan limits and process subscription payments through Shopify's Billing API.
We do not sell, rent, or share merchant or customer data with third parties for marketing or any other purpose.
3. Third-Party Services
The App uses the following services, each governed by its own privacy policy:
- Shopify — for authentication, app embedding, order data, and billing. See Shopify's Privacy Policy.
- Vercel — for application hosting (serverless functions) in the United States. See Vercel's Privacy Policy.
- Neon — for PostgreSQL database storage, encrypted at rest, in the United States. See Neon's Privacy Policy.
No customer or merchant data is shared with any third party outside of the subprocessors listed above.
4. Data Retention
Order and customer data is retained only as long as the App is installed. When a merchant uninstalls the App, Shopify sends a shop/redact webhook 48 hours later, at which point all stored data for that shop is deleted automatically.
When Shopify forwards a customers/redact request, the App immediately removes the customer's name and email from any related cancellation records.
5. Merchant and Customer Rights
Merchants may at any time:
- View all cancelled orders in the App admin.
- Add or remove customers from the whitelist.
- Uninstall the App to trigger deletion of all associated data.
- Request a copy of any data we hold by emailing info@modernweb.tech.
Shoppers wishing to exercise data rights under GDPR, the UK GDPR, or the CCPA — including access, deletion, restriction, or portability — should contact the merchant they placed an order with. The merchant issues the request through Shopify, which forwards it to FraudBlock via Shopify's compliance webhooks. Shoppers may also contact us directly at info@modernweb.tech.
6. Security
Access tokens, settings, and order data are stored in an encrypted PostgreSQL database. All communication between the App, Shopify, and our infrastructure uses HTTPS / TLS 1.2 or higher. Every incoming Shopify webhook is HMAC-validated against the app secret before it is processed. We follow industry best practices for credential handling, including never logging access tokens.
7. International Transfers
Personal data processed by the App is stored in the United States (Vercel iad1 region, Neon US-East). For merchants in the EU/UK, transfers to the US are governed by Standard Contractual Clauses as included in our subprocessors' Data Processing Agreements.
8. Children's Privacy
The App is intended for use by Shopify merchants and is not directed at children under 13. We do not knowingly collect personal data about children.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated to merchants via the App admin and the email address associated with their Shopify account. Continued use of the App after such notice constitutes acceptance.
10. Contact
For any privacy-related questions or data requests, contact:
ModernWeb.tech
Email: info@modernweb.tech
Website: https://modernweb.tech
