Security
Your data is safe with Importier
Importier handles sensitive product data, supplier files, and store credentials. We take that responsibility seriously. Here is how we protect your information.
Encryption in transit and at rest
All communication between your browser, the Importier app, and Shopify is encrypted using TLS 1.2+. Uploaded files are processed in memory and are not written to persistent storage beyond what is required to complete your import.
Minimal access permissions
Importier requests only the Shopify API scopes it needs to import products, manage inventory, and read store settings. We do not request access to customer data, order data, or payment information. You can review the exact permissions during installation.
Hosted on Vercel with global edge
Importier runs on Vercel's infrastructure with automatic DDoS protection, edge caching, and global CDN delivery. Application code is deployed immutably with zero-downtime rollbacks available for every release.
No data selling or sharing
Your product data, supplier files, and store information are never sold, rented, or shared with third parties for advertising or profiling. Data is used solely to provide the import service you requested.
AI data handling
Product data sent to AI providers (OpenAI, Anthropic, Google, xAI, Amazon, Meta, Mistral, DeepSeek) is used only to generate the requested output. We do not send personal merchant information (name, email, billing) to AI providers. Each provider's data processing terms apply.
File processing and retention
Uploaded CSV, Excel, and PDF files are processed during your import session. Files are not retained after import completion. Import history records (product titles, SKUs, success/failure status) are kept for your reference and can be deleted on request.
GDPR and privacy compliance
Importier is designed with privacy by default. We comply with the General Data Protection Regulation (GDPR) and the Australian Privacy Act. Merchants can request access to, correction of, or deletion of their personal data at any time.
Authentication and access controls
The Importier admin dashboard is protected by password authentication with two-factor authentication (TOTP). All inbound webhooks from Shopify are verified with HMAC signatures to prevent unauthorised access. Support emails are authenticated with DKIM, SPF, and DMARC.
Embargo and confidential data
We understand that product catalogues often contain confidential or pre-release information. Supplier pricing, unreleased product lines, and internal SKU structures are treated as confidential by default. Importier does not index, cache, or make your uploaded data accessible to other merchants. Each store's data is completely isolated within our infrastructure. AI-generated content is produced per-request and is not shared across accounts.
Responsible disclosure
If you discover a security vulnerability in Importier, we encourage responsible disclosure. Please report it to our support team at privacy@importier.app with the subject line "Security Vulnerability Report". We will not take legal action against researchers who report vulnerabilities responsibly and refrain from disclosing details publicly before a fix is deployed.
For more details, see our Privacy Policy and Terms and Conditions.