Last updated: May 10, 2026

Security

Security practices behind Valyn's focused Shopify order support automation.

Limited Shopify permissions

Valyn is built around read-focused order access needed for order support automation and does not modify orders.

Token and credential handling

Shopify access tokens are stored server-side. SMTP passwords are encrypted at rest with AES-256-GCM before storage.

Access control

Internal dashboard APIs require Shopify App Bridge session tokens signed for the installed app.

Logging

Valyn logs inbound email processing outcomes, reply status, order matches, and errors so merchants can review automated behavior.

Data retention

Inbound MIME files expire from S3 after 30 days. Order and reply logs auto-expire at the end of the plan's retention window (7 days on Starter, 90 days on Pro). Shop-level data is deleted through Shopify redaction workflows after uninstall.

Incident contact

Security questions can be sent to support@getvalyn.com.

No unnecessary order modification

The product is designed to read order data for support replies, not modify store orders or fulfillment state.

Get your support time back.

Install on Shopify in under two minutes. 7-day free trial, no card required.

Install on ShopifyView live demo