Privacy Policy

Last updated: 2026-07-16

B2B Triage is a Shopify app that lets a merchant publish a wholesale registration form, review the applications it receives, and — on approval — create the corresponding native Shopify B2B records. This page describes exactly what data the app handles, where it is stored, who else touches it, and how it is deleted.

The app is operated by Human After All. For anything on this page, contact us.

Our role

The merchant who installs B2B Triage decides what their registration form asks for and what happens to the applications. In data-protection terms the merchant is the controller and we are a processor acting on their instructions. If you applied for a wholesale account with a store, that store is the party that holds your relationship — and the first place to send a request about your data. We will act on any request they pass to us, and you can also contact us directly using the form above.

What the app stores

Applicant data (from the registration form)

When someone submits a wholesale registration form, we store the submission. The merchant builds the form, so the merchant decides the fields, and the app supports fields that commonly carry personal and business data:

Some of this belongs to people who are not Shopify customers and may never become one — an application that is still pending, or that was declined, is data we hold and the merchant’s Shopify store does not. That is why the app answers data requests and deletion requests itself rather than deferring to Shopify, and it is described under Your rights below.

Merchant and store data

What the app does not store

IP addresses and bot protection

To stop a single script from flooding a merchant’s form, the app rate-limits submissions. It does this without storing the IP address: the address is hashed (SHA-256, with a salt unique to each store) the moment the request arrives, and only that hash is used as a counter key. The hash expires within about a minute. The IP itself is never written to a database and never written to a log.

The applicant’s browser loads nothing from any third party when it renders the form. There is no CAPTCHA widget, no analytics, no tracker, no font, and no script from any other company. Spam is handled by a hidden field that real applicants never see and by the rate limit described above — both run on our own server, and neither profiles anybody.

Where data is stored, and who processes it

ProcessorWhat it handles
Cloudflare (Workers, D1, KV)Runs the app and stores every record described above. Form submissions and audit records live in Cloudflare D1; rate-limit counters live in Cloudflare KV.
ShopifyThe merchant’s store. On approval, the app writes customer and company records into it (see below).
Cloudflare Email SendingDelivers the app’s emails. It receives the recipient’s email address and the content of the message — nothing else from the application. It is listed separately from the row above because it is a different service doing a different thing: sending a message out to an inbox, rather than storing a record. It is operated by the same company, so no additional company receives your data. See Emails the app sends below.

There are no other sub-processors. The app uses no analytics provider and no advertising network. No company other than Cloudflare and Shopify handles this data. Until July 2026 the app was built to send its email through Postmark, a separate provider; that was changed before the app was released and no application data was ever sent to them.

Emails the app sends

The app can send up to three emails, and a merchant chooses which ones their form sends. All of them are off unless the merchant turns them on.

The app never sends email as the merchant’s own domain. Messages come from an address belonging to B2B Triage and are labelled as sent on the store’s behalf; replies go to the store’s contact address. We do this so that no merchant has to hand us control of their domain’s email, and so that nobody receiving one of these messages is misled about who sent it.

A fourth email — the account invitation sent when an application is approved — is sent by Shopify, from the merchant’s own store, and does not pass through the app or through Cloudflare Email Sending.

These messages carry no tracking. There is no open-tracking pixel and no click-tracking redirect, so the app does not learn whether a message was opened or a link was followed.

🔴 An email, once sent, is outside our reach. Deleting an application from the app removes it from our systems; it cannot remove a message already delivered to someone’s inbox, and it cannot remove the delivery record the email service keeps. This is stated plainly rather than left for you to infer from the table above: it is a real limit on the deletion promise made under Your rights.

Encryption — stated precisely

What happens when an application is approved

Approval writes native Shopify records into the merchant’s own store: a customer, a company, a company location, and the contact link between them, along with tags, payment terms, tax exemptions, and metafields derived from the application.

Those records belong to the merchant and are governed by the merchant’s privacy policy and Shopify’s, not this one. They are deliberately not tied to our app: if the merchant uninstalls B2B Triage, their companies and customers remain, because they were always theirs. The corollary is that removing our data does not remove those Shopify records — a deletion request that must also reach them has to be actioned in Shopify, by the merchant.

Tax and VAT identifiers written to metafields are configured so they are not exposed to the storefront and are visible only inside the merchant’s admin.

Retention and deletion

Your rights, and how the app answers them

Shopify sends every app three mandatory privacy requests. This is exactly what B2B Triage does with each one.

Request to see your data (customers/data_request)

The app finds every application matching your email address — including pending and declined ones, which exist only in our records — and records that the request arrived, together with the identifiers of the applications that answer it. The merchant can then read the full application in the app and provide it to you. Requests are actioned within 30 days.

Request to delete your data (customers/redact)

The app erases the personal data from every application matching your email address: your email, every answer you gave (including name, address, and any tax identifier), and the internal processing detail that could quote them.

What deliberately remains is an anonymous skeleton: that an application was received on a date, what was decided, by which staff member, and which company record it produced. It names no one. The merchant needs it because approval created a real business relationship — a company with pricing and payment terms — that continues to exist and that they must be able to account for. There is nothing in that skeleton that identifies you.

Store deletion (shop/redact)

Everything the app holds for that store is deleted, as described above.

Contacting us directly

Contact us through our form and we will action any access or deletion request, or pass you to the merchant where the data is theirs to release. If you are the merchant, you can also remove any application from the app at any time.

Data transfers

Cloudflare runs the app across its global network, and data may be processed outside your country. Cloudflare and Shopify each publish their own data protection terms and transfer safeguards, which govern the parts of the service they operate.

Changes

If what the app does with data changes, this page changes with it, and the date at the top moves. Material changes will be described here rather than quietly folded in.