Security | By the Numbers

You're trusting us with the data that runs your Shopify store. Here's exactly how we protect it.

Encryption

All data in transit is encrypted with TLS 1.2 or higher. All data at rest is encrypted using AES-256. Database backups are encrypted with separate keys held in a managed key vault.

Authentication

App access is brokered by Shopify OAuth. We never see, store, or have the ability to recover your Shopify password. Internal engineering access requires single sign-on plus hardware-token MFA.

Infrastructure

We run on managed cloud infrastructure in the European Union. Production environments are isolated from development environments and from the data of other tenants. Production access is limited to a short list of engineers, logged, and reviewed monthly.

Sub-processors

We share data with the minimum number of third parties required to run the product. The current list — Shopify, your authorized destination platforms (Klaviyo, Meta, Google, TikTok), our cloud provider, our transactional email provider — is published in our privacy policy. We notify customers in advance of any addition.

Data residency

Customer data is processed and stored in the European Union. If you have a regulatory requirement for a different region, contact us and we'll work through it.

Vulnerability disclosure

If you believe you've found a security vulnerability in our service, email security@bythenumbersapp.com. We acknowledge reports within 1 business day and aim to triage and patch within 7 days for serious issues. We do not pursue legal action against good-faith researchers.

Incident response

If a security incident affects your data, we will notify you within 72 hours of confirming the impact, in line with GDPR requirements. The notification includes what happened, what data was affected, the remediation already taken, and what we're doing to prevent recurrence.

Compliance

We are a Shopify-listed partner and comply with the Shopify App Store privacy requirements. We process customer data as a data processor under GDPR — our Data Processing Addendum is available on request from support@bythenumbersapp.com.

Reporting a concern

For privacy questions, contact support@bythenumbersapp.com or use our contact form. For security disclosures, use security@bythenumbersapp.com.