Your financial data is sensitive. We treat security as a core product requirement, not an afterthought.
Last updated: June 2, 2026
All API tokens (Shopify, Meta, Google Ads) are encrypted at rest using AES-256. Database connections use SSL/TLS. No credentials are stored in plaintext.
All traffic is served over HTTPS with TLS 1.2+. API calls between NetNet and Shopify, Meta, and Google use encrypted connections.
Your revenue, costs, and profit numbers are never exposed in client-side JavaScript. All calculations happen server-side and are rendered securely within the Shopify admin iframe.
NetNet uses Shopify's official OAuth 2.0 flow. We request only the scopes we need (orders, products, billing) and never ask for write access to your store data.
Every incoming webhook payload from Shopify is verified using HMAC-SHA256 before processing. Unverified payloads are rejected immediately.
Sessions use Shopify's App Bridge token exchange. No long-lived tokens are stored in cookies or localStorage.
Our application runs on Railway's managed infrastructure with automatic SSL, private networking between services, and container isolation.
All database connections require SSL. Data is stored in Railway-managed PostgreSQL with automatic backups and point-in-time recovery.
We don't use Google Analytics, Hotjar, or any third-party tracking on our marketing site or within the app. Your usage data stays private.
We process data lawfully under GDPR. You can request data export or deletion at any time. We don't sell merchant data to third parties.
NetNet has passed Shopify's app review process, which includes security, privacy, and performance checks.
All payments are processed through Shopify's Billing API. We never see or store your credit card information.
If you have questions about our security practices or want to report a vulnerability, contact us.
bullethead.apps@gmail.com