Trust & Security

Trust, security and maintainable Shopify engineering

Custom apps, integrations, dashboards and AI workflows can touch sensitive business data. Here is exactly how Forgify keeps access narrow, events verified, secrets safe and the system documented and yours.

01 — Why trust matters

Custom systems touch sensitive data.

Access is a deliberate decision, not a default.

Custom apps, ERP integrations, dashboards, tracking and AI workflows can reach orders, customers, pricing and operational data. That is exactly why the boring parts — scopes, secrets, webhooks, logs and handover — are treated as first-class engineering, not an afterthought.

Forgify keeps access narrow, documented and intentional. The goal is leverage with control: you get the system you need without handing over more of your store than the work actually requires.

02 — Access & integrity

Narrow scopes, verified events.

The two things most likely to go wrong in Shopify engineering — over-broad access and unreliable events — handled on purpose.

01

Minimal Shopify scopes

We request only the access scopes the workflow needs, and document why each one is there. No blanket permissions ‘to be safe’.

Least privilege
02

Verified webhooks

Webhooks are HMAC-verified, the mandatory GDPR/compliance topics are implemented, and handlers are idempotent where retries are possible.

HMAC · idempotent
03

No admin access for the first scan

The free scan reviews only the public storefront. Admin access is requested later, scoped to the agreed build, once you decide to proceed.

Public storefront only
04

Credentials & secrets

Secrets live in environment variables, never hardcoded. Least-privilege keys, and access rotated or revoked at the end of an engagement where possible.

Env vars · rotation
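
The "Verified webhooks" item above, as an added example (not Forgify's code): verify Shopify's `X-Shopify-Hmac-Sha256` signature over the raw request body, then de-duplicate retried deliveries by `X-Shopify-Webhook-Id`. The secret, body, IDs and the in-memory `_seen` set are constructed for illustration; a deployed handler is assumed to use a shared store with expiry instead.

```python
import base64
import hashlib
import hmac


def sign(secret: str, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw body, the form Shopify sends."""
    mac = hmac.new(secret.encode(), raw_body, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


class WebhookReceiver:
    def __init__(self, client_secret: str):
        self._secret = client_secret
        self._seen = set()  # assumption: in-memory; use a shared store with TTL

    def verify(self, raw_body: bytes, header_hmac: str) -> bool:
        # Compare over the exact bytes received, before any JSON parsing,
        # and in constant time so the comparison leaks nothing.
        expected = sign(self._secret, raw_body).encode()
        return hmac.compare_digest(expected, (header_hmac or "").encode())

    def handle(self, headers: dict, raw_body: bytes, process) -> str:
        # HTTP header names are case-insensitive, so normalise them first.
        h = {k.lower(): v for k, v in headers.items()}
        if not self.verify(raw_body, h.get("x-shopify-hmac-sha256", "")):
            return "rejected"   # answer 401 and do no work
        webhook_id = h.get("x-shopify-webhook-id")
        if not webhook_id:
            return "rejected"   # cannot de-duplicate without an ID
        if webhook_id in self._seen:
            return "duplicate"  # acknowledge the retry, skip side effects
        process(raw_body)
        self._seen.add(webhook_id)  # recorded only after success, so failures retry
        return "processed"


# Constructed sample values, not real credentials or store data.
SECRET = "constructed-client-secret"
BODY = b'{"id": 1001, "email": "buyer@example.com"}'

if __name__ == "__main__":
    rx = WebhookReceiver(SECRET)
    hdrs = {"X-Shopify-Hmac-Sha256": sign(SECRET, BODY),
            "X-Shopify-Webhook-Id": "constructed-id-1"}
    print(rx.handle(hdrs, BODY, lambda b: None))
    print(rx.handle(hdrs, BODY, lambda b: None))
```
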

03 — Data & AI

AI assists — it doesn't go rogue.

We only handle the data a project needs, and AI stays human-supervised by default.

HMAC verification · Least-privilege scopes · Idempotent handlers · Human approval
01
Data handling
We work with only the data the project requires, avoid unnecessary retention, and confirm what is stored and for how long during scope.
02
Human-in-the-loop AI
AI drafts; a person approves before anything reaches a customer. No autonomous customer messaging unless you explicitly approve it.
03
Grounded answers
AI responses are built from your data and policies, with low-confidence cases escalated to a human rather than guessed.
04
Logs & escalation
Context and decisions are logged so you can see what was answered and why, with clear escalation rules for sensitive cases.

04 — Operations & handover

Visible in production, yours to keep.

A system you can see, trust and maintain — not a black box only we understand.

01

Monitoring & logs

Structured logs, alerts on failures, and dead-letter queues for integrations so a failed sync is visible and recoverable — not silently lost.

Observability
02

Handover

Repository, documentation, deployment notes and a runbook at the end of every build, with optional maintenance — never a lock-in.

Docs · runbook
03

Agency white-label privacy

NDA-friendly delivery for agency partners: no fingerprints in the code, no client contact, delivered under your brand unless agreed otherwise.

NDA-friendly

FAQ

Questions about access, data and security.

No. The free leak scan only needs your public store URL. Admin access — at the minimum scope required — is requested later, once a paid engagement is scoped and you have decided to proceed.