Privacy Policy — Flow Fill

Last updated: 28 June 2026

Flow Fill ("the App", "we", "us") is a Shopify application that audits a merchant's

Klaviyo email/SMS lifecycle flows against the standard set of ecommerce flows and,

on paid tiers, generates draft email copy for the flows that are missing. This

policy explains exactly what data the App accesses, why, how long we keep it, and

your rights. It is written to reflect what THIS app actually does — nothing more.

Who we are

Flow Fill is operated by the app developer (contact below). The App runs at

https://flowfill.syncerp.work and is installed from the Shopify App Store into

your Shopify admin.

Protected Customer Data level

Level 0. Flow Fill does not request, read, store, or process any Shopify

Protected Customer Data. It never requests the read_orders, read_customers,

read_all_orders, or any customer/order scope, on Shopify or in Klaviyo.

Shopify data we access (scopes)

Flow Fill requests these minimal Shopify access scopes, and only these:

| Scope | Why we need it |

|---|---|

| read_products | To read your product titles/catalog as brand context so the email copy we generate sounds like your store. |

| read_content | To read your shop's pages/blog/brand content as brand context for the same grounding. |

We do not request orders, customers, checkouts, fulfilments, payments, or any

Protected Customer Data scope. We use the Shopify Admin GraphQL API only; we do not

use the REST API.

Klaviyo data we access

To audit your flows, you provide your own Klaviyo private API key (read access

to Flows). With it, Flow Fill reads flow metadata only — each flow's **name and

status** (live / draft / manual). That is the entirety of what we read from Klaviyo.

We do not read Klaviyo profiles, subscribers, events, campaigns, segments, or

any customer personal data.

Your Klaviyo private key is:

transmitted over TLS and stored encrypted at rest with AES-256-GCM;
never returned to your browser and never written to application logs (the logger

redacts key-shaped strings);

decrypted only server-side, momentarily, to call the Klaviyo Flows API;
deletable by you at any time from Settings → Disconnect, which removes it

immediately.

How we use the data

Flow metadata (from Klaviyo) — to compute which of the 10 standard lifecycle

flows you have live, have only as a draft, or are missing, and a predicted

revenue-opportunity weighting to help you prioritise.

Brand context (from Shopify: products + content) — only as grounding for the

AI that drafts missing-flow email copy, so it matches your voice.

We do not sell your data, do not use it for advertising, and do not share it except

with the sub-processors below strictly to provide the App's function.

Sub-processors

Anthropic, PBC — the LLM that generates the draft email copy (paid tiers only).

We send only your shop name and brand context plus the flow type to be written; we

send no customer or order data. The API is used with zero data-retention /

no-training settings where available.

Hosting / infrastructure — the App is hosted on a dedicated private server;

data is stored in a PostgreSQL database and a Redis instance on that server.

Klaviyo — the App calls Klaviyo's API on your behalf using your own key; your

use of Klaviyo is governed by Klaviyo's own terms and privacy policy.

No customer personal data is ever sent to any of the above.

Data retention

Your Klaviyo connection (encrypted key + status) is retained until you disconnect

or uninstall.

Audit snapshots and generated draft copy are retained so your dashboard and trend

history work, until you uninstall.

On uninstall we mark the shop inactive; on Shopify's shop/redact request

(about 48 hours after uninstall) we cascade-delete all data for your shop,

including the encrypted Klaviyo key, audits and drafts.

The GDPR customers/data_request and customers/redact webhooks are

answered truthfully: we hold no customer data, so there is nothing to return

or redact.

GDPR / your rights

Because Flow Fill processes no customer personal data, the main personal data

involved is the merchant's own account context. You may at any time:

access / export — request a copy of the data we hold for your shop;
rectify — correct inaccurate data;
erase — disconnect Klaviyo and/or uninstall, which triggers deletion as above;
restrict / object — contact us to limit processing.

EU/UK merchants are afforded these rights under the GDPR/UK GDPR. We act as a data

processor for the brand context we handle on your behalf.

Security

All data in transit is TLS-encrypted. Secrets (your Klaviyo key, any Shopify offline

token) are encrypted at rest with AES-256-GCM and are never exposed to the browser

or logs. Access to production infrastructure is restricted and key-based.

Changes to this policy

We may update this policy; material changes will be reflected here with a new "last

updated" date.

Contact

Email: gheorghe.beschea@overheat.agency

In-app data disclosure: https://flowfill.syncerp.work/docs/protected-customer-data