Shopify Permissions & Scopes

Primary Permission: Order Data (Read-Only)

VersanaCX™ requests read access to order data in order to retrieve structured information such as order number, fulfillment status, timestamps, and line items.

This enables agents and AI-assisted workflows to reference accurate order context during customer support interactions.

Customer Association

Access to customer identifiers associated with orders is required to match incoming conversations with the correct Shopify records.

VersanaCX™ does not access or store payment credentials or full financial details.

No Write Access to Orders

VersanaCX™ does not modify orders, fulfillment records, or financial transactions.

The integration is designed for contextual retrieval only.

Any changes to order data must be performed directly within Shopify.

Why These Permissions Are Necessary

Without order access, agents must manually search Shopify during support conversations.

By retrieving structured order context securely, VersanaCX™ reduces handling time and improves response accuracy while maintaining strict governance controls.

Token Security & Storage

Shopify access tokens are encrypted at rest using AES-256-GCM.

Tokens are never logged and are stored per-tenant.

Access tokens are used only to retrieve relevant order context for active conversations.

Tenant Isolation

All Shopify data retrieval is executed within the tenant boundary and protected by row-level security (RLS).

No Shopify data can be accessed across tenants.

Revoking Permissions

Merchants may revoke permissions at any time by disconnecting the integration from the VersanaCX dashboard or removing the app within Shopify.

Once revoked, order data retrieval immediately stops.

Automation Governance

Shopify permissions do not automatically enable automation.

Automation remains subject to Shadow Mode validation, readiness thresholds, and lifecycle revalidation controls.