Protected Customer Data — Flow Fill

Level 0. Flow Fill does not request, read, store, or process any Shopify protected customer data.

What we access

• Your Klaviyo flow metadata (flow names and status) via a private API key you provide, used to detect which lifecycle flows you have vs. which are missing.
• Your store's brand context (shop name, product titles, content) via the minimal Shopify scopes read_products and read_content, used only to ground generated email copy in your brand voice.

What we never access

• Orders, customers, or any customer personal data — on Shopify or in Klaviyo. We never request read_orders or read_customers.

Security

• Your Klaviyo key and any Shopify access token are encrypted at rest (AES-256-GCM) and never returned to the browser or written to logs.
• On uninstall and on a Shopify shop/redact request, all of your stored data is deleted.
• The GDPR customers/data_request and customers/redact webhooks are answered truthfully: we hold no customer data.