Data Protection Policy

Effective Date: 17 October 2025

Overview

Complect provides secure middleware and integration services designed to relay, transform, and proxy data between systems. We prioritize data minimization, encryption, and tenant isolation to protect customer information.

Data Retention & Processing

Complect does not retain customer data beyond the scope of short-term diagnostic operations.

Message Handling: All message payloads are processed in-memory or via ephemeral queues. No persistent storage of customer data occurs unless explicitly requested by the customer.
Diagnostic Logging: Transient logs and messages may be captured for up to 30 days to support troubleshooting and performance analysis.
Log Purging: Diagnostic logs and message captures are automatically purged after the retention window.

Encryption & Transport Security

All data traffic handled by Complect is encrypted in transit using industry-standard SSL/TLS protocols.

Data Isolation

Complect enforces strict tenant isolation:

Dedicated middleware instances are provisioned for Standard and Enterprise plans. ¹
No cross-tenant data access is permitted.
Filtering and transformation rules are customer-configurable to redact or reshape data before relay.

Policy Updates

We may update this policy from time to time. We will notify you of any changes by updating the date at the top of this policy.

Contact

If you have any questions about this policy, please contact us.

Excluding Shopify apps provided through the Shopify App Store. ↩

Overview​

Data Retention & Processing​

Encryption & Transport Security​

Data Isolation​

Policy Updates​

Contact​

Footnotes​