What this app does
Editioned is a Shopify app that helps merchants turn products into numbered limited editions with hosted provenance certificates, QR verification, an optional EU Digital Product Passport (DPP) JSON-LD export, and order-metafield integration with the merchant's existing email tool.
Scopes we request
Editioned requests the following Shopify access scopes:
read_productsfor reading product titles, descriptions, images, and metafieldswrite_productsfor writing edition data and certificate URLs to product metafieldsread_ordersfor detecting when an edition has been purchased, registering the buyer as the certificate owner, and assigning the next edition (granted under Shopify's Protected Customer Data approval on 11 May 2026)write_ordersfor writing per-ordereditionedmetafields (edition number + certificate URL) so the merchant's email tool can include the certificate link in its order emails. We write only these metafields, we never alter order line items, totals, fulfillment, or any other order data
What we collect and store
The following data is stored in our database (PostgreSQL hosted on Railway, EU/US region):
Shop-level
- Shop domain (e.g.
your-store.myshopify.com) and access token - App settings (studio name, certificate style preference, custom certificate URL, auto-assign toggle)
- Plan tier (Free / Pro / Studio) for billing-state caching
Product-level
- Shopify product ID and handle
- Edition configuration: total editions, edition mode, series number
- Provenance data the merchant enters (origin, materials, technique, studio attestation, manufacture date, optional EU-DPP fields)
Edition-level (one row per individual numbered piece)
- Edition number and unique cryptographic token (UUID)
- Status:
available/reserved/shipped/delivered - When the edition is purchased, we store from the order webhook: buyer email, buyer name, Shopify order ID, order number, sold-at timestamp
- Ownership record: whether an official owner is registered, the date ownership was claimed, and a chain-of-custody log, a list of ownership events (purchase, claim, transfer, correction, return), each with the owner's name, email, and timestamp
- Transfer: when an owner starts a peer-to-peer transfer, a temporary one-time claim token and its expiry are stored until the new owner claims it
Certificate view tracking (cert-page only)
When someone opens a per-edition certificate page at /apps/provenance/{handle}?edition=N&token=X, we store:
- Edition ID and timestamp
- Whether the request carried a valid token (
isBuyerflag) - A one-way hashed visitor ID:
SHA-256(IP + ":" + UserAgent + ":" + secret), truncated to 32 hex characters
We do not store raw IP addresses, raw user-agent strings, browser fingerprints, geographic data, or cookies. The hashed ID is used only to deduplicate refreshes (one view per visitor per hour) and to display verification counts to the buyer and public scanners. The hash is salted with a per-deployment secret, making it irreversible in practice and uncorrelatable across deployments.
What we write back to Shopify
We write metafields to the merchant's products and orders so themes, email tools, and third-party apps can read edition data natively:
On products (namespaces: provenance and custom)
- Edition total, remaining count, edition mode, series number, certificate URL
- Provenance fields JSON (origin, materials, etc.)
- HTML snippet for the edition tracker theme block
On orders (namespace: editioned)
- Personalized certificate URL (with edition + token), edition number (Arabic + Roman), product handle and title, masked token (last 4 characters), fulfillment timestamp
Order metafields let merchants pipe the certificate link into their existing transactional email tool (Shopify Email, Klaviyo, Omnisend, Mailchimp). Editioned does not send transactional email itself.
What we do NOT collect or store
- Customer payment information, credit card numbers, or banking details
- Customer email addresses for marketing purposes (we don't run any marketing channel)
- Browsing behavior, storefront analytics, or cart contents
- Any data from stores where the app is not installed
- Raw IP addresses, raw user-agent strings, or device fingerprints on the cert page
- Cookies on the merchant's storefront
How we use this data
All data is used solely to provide the app's core functionality:
- Displaying edition information on the merchant's storefront and admin
- Generating hosted certificate pages, printable cert PDFs, and (Pro+) EU-DPP JSON-LD exports
- Auto-assigning the next available edition when a customer purchases (Pro+)
- Syncing edition state and order metafields back to Shopify so the merchant's email tool can include the certificate URL in their normal post-purchase flow
- Showing buyers a verification trail ("You first opened this on …") on the certificate page
Data sharing
We do not sell, rent, or share merchant or customer data with any third parties. Data is only transmitted between your Shopify store and our application server hosted on Railway.
Sub-processors:
- Railway: application hosting and PostgreSQL database (EU/US region). Railway privacy policy
- Shopify: the source of all merchant and order data, per the merchant's Shopify Terms
- Google Fonts: used on our marketing site for Inter typeface; not loaded from the Shopify admin or app proxy
Data retention and deletion
When the merchant uninstalls Editioned
- Immediate. Session data is deleted from our database
shop/redactwebhook (Shopify delivers approximately 48 hours after uninstall). All remaining shop data, including edition configuration, edition rows (with any stored buyer fields), order tracking, and cert-view history, is permanently deleted- Metafield data we wrote to the merchant's Shopify products and orders remains under the merchant's control. Shopify never instructs us to remove that on the merchant's behalf
When a buyer requests deletion
On Shopify's customers/redact webhook (sent by Shopify when a customer requests data deletion from a merchant), we delete the buyer email, buyer name, and order ID from any edition rows that match that customer for that shop. The edition itself remains (it's a physical record), but the buyer-identifying fields are nulled.
Manual purge on request
If you need data deleted sooner than the standard 48-hour window (for example to comply with a regulatory deadline or court order), contact us at hello@editioned.app and we will perform a manual purge.
GDPR compliance
We comply with the General Data Protection Regulation (GDPR) and respond to all mandatory Shopify GDPR webhooks:
customers/data_request. We provide any stored data related to a specific customer (typically: edition rows where the customer's email or order ID appears)customers/redact. We delete or null all stored personal data related to a specific customershop/redact. We delete all stored data related to a shop after uninstallation
EU customers have the right of access, rectification, erasure, restriction of processing, and data portability. To exercise any of these rights, contact hello@editioned.app.
Cookies and trackers
Editioned does not set any cookies on the merchant's storefront. Within the Shopify admin, standard Shopify session cookies are used for authentication. The marketing site at editioned.app does not set any cookies or run third-party analytics, advertising, or fingerprinting scripts. Clicks on the Install button are counted server-side in aggregate, recording the page path and timestamp only: no cookies, no scripts, no identifiers.
EU Digital Product Passport export (Pro+)
Editioned's optional DPP JSON-LD export generates a machine-readable record per edition containing the data the merchant entered (manufacturer, materials, sustainability fields, etc.) plus the certificate URL. No additional data is collected for this feature. It only structures what the merchant has already provided. The export is generated on demand and downloaded by the merchant; we do not transmit it to any third party.
Children's data
Editioned is a B2B tool for merchants. We do not knowingly collect data from anyone under 16. If you believe a minor's data has been provided to us, contact us and we'll delete it.
Changes to this policy
We may update this privacy policy when Editioned's data handling changes (for example, when we add a new scope or feature). Changes will be reflected on this page with an updated date, and material changes will be communicated via the in-app guide.
Contact
If you have questions about this privacy policy or your data, or want to exercise a GDPR right, contact us at:
Editioned is developed by Guild 79.