Payout Close Merchant Data Handling Notice

Effective date: March 28, 2026

This Merchant Data Handling Notice describes how Erythreia processes merchant data and protected customer data in connection with the Payout Close Shopify app.

1. Purpose

Payout Close processes limited Shopify data strictly to provide payout reconciliation and merchant-downloadable payout close outputs.

2. Data categories

Payout Close may process the following categories of data made available through Shopify:

• shop identifiers and shop domain
• order identifiers, order references, order timestamps, and order-linked financial values
• refund identifiers, refund timestamps, refund transaction values, and refund-related transaction metadata
• Shopify Payments payout identifiers, payout statuses, payout issue dates, payout summaries, and payout financial values
• balance transaction data, including amounts, fees, net values, transaction types, and payout associations
• app session data required for authentication and operation
• mandatory compliance webhook events and app lifecycle webhook events

Payout Close is designed not to request or depend on the following protected customer fields:

• name
• email
• phone
• shipping address
• billing address

3. Permitted use

Erythreia processes the above data solely to:

• authenticate the merchant and operate the app
• reconcile payouts against charges, refunds, transfers, and related order-linked transactions
• generate merchant-downloadable outputs such as summary.json, payout-rollup.csv, and pending-transactions.csv
• provide merchant-requested troubleshooting or operational support
• maintain service integrity, logging, and security
• comply with applicable law, Shopify platform requirements, and mandatory compliance webhook obligations

Erythreia does not use this data for unrelated advertising, resale, or cross-merchant profiling.

4. Disclosure

Erythreia may disclose data only to service providers that are reasonably necessary to operate Payout Close, including hosting, database, logging, monitoring, and support providers, and only subject to confidentiality and data protection obligations.

5. Retention

Erythreia applies retention periods so personal data is not kept longer than needed for the above purposes.

The operating standard is:

• app session records are retained only as long as required for app operation and a limited post-uninstall or inactivity period
• generated outputs are generated on demand and are not persistently stored by default after delivery
• temporary diagnostic captures are retained only for the period reasonably necessary to investigate or validate a merchant-authorized issue, and are then deleted or sanitized
• support records are retained only for a limited support/compliance period
• legal or compliance records are retained only as long as reasonably necessary for those obligations

6. Security

Erythreia uses encryption in transit, encryption at rest for production systems used to store personal data, least-privilege access controls, and role-limited access to reduce unauthorized access risks.

7. Merchant responsibility

The merchant remains responsible for determining whether the app is suitable for the merchant’s business and legal obligations. By installing and using Payout Close, the merchant authorizes Erythreia to process the limited categories of data described in this notice for the stated purposes.

8. Contact

For questions about this notice or Payout Close data handling, contact:

Erythreia
erythreia@proton.me
mailto:erythreia@proton.me