Data Loss Prevention
Last updated: July 2026
How Shoptopus Prevents Data Loss
Welcome to Shoptopus. When you sign up for any application built by Shoptopus, or make use of any service that Shoptopus provides, you accept and agree to be bound by the conditions set out below.
Shoptopus offers Shopify merchants practical tools for running their stores more efficiently. Our Invoice Generator app lets merchants produce and tailor documents such as invoices, packing slips, credit notes, return labels, and shipping labels, and includes flexible customization so each document can be shaped to a merchant's needs. Our Bulk Image Upload app helps merchants update large numbers of products quickly and safely across their catalog. Any new capabilities or tools we add to these Services in the future will be covered by this document as well.
From time to time we may revise, amend, or restate this document, along with any other terms, rules, or conditions published on our website or within our applications. We will make reasonable efforts to let you know when such changes occur, but you acknowledge that prior notice is not guaranteed and you waive any right to challenge a term of this Agreement on the basis of an earlier amendment or the absence of adequate notice. If you do not accept the revised terms, or are unable to comply with them, you are not permitted to use our applications. Continuing to use our applications after changes have been posted on the apps or on the company website will be treated as acceptance of the updated terms. We reserve the right to decline to provide products or services to anyone at any time.
This document forms a legally binding agreement between you and Shoptopus (together, "Shoptopus", "Invoice Generator", "Bulk Image Upload", "we," or "us") concerning your use of our applications and services. Please read it carefully and, where possible, keep a copy for your own records. Throughout this Agreement, the words "you," "your", "merchant", "store owner", "Shopify user" and "Customer" refer to you. If you are visiting, using, or registering for any Shoptopus application or service on behalf of a company or other organization, you accept these terms on that organization's behalf and represent to Shoptopus that you are authorized to bind it to these terms (in which case those same words refer to that organization).
Purpose of This Policy
Shoptopus apps are offered on a subscription basis to help you manage tasks such as invoicing and bulk product management. If you hold a Shoptopus subscription, this policy serves both as a guideline and as a general overview of how the Shoptopus applications are managed and safeguarded.
Policy Detail
Shoptopus is dedicated to improving the experience of our users through a wide range of e-commerce tools and services. Our goal is to make day-to-day store operations simpler by putting reliable applications and support within easy reach.
Our e-commerce activities encompass the Shoptopus website, our applications, and the services we deliver through various communication channels.
Shoptopus is committed to protecting the sensitive information of our users. We continually create and update our policies to safeguard every kind of sensitive data that belongs to those who use our apps.
It is Shoptopus's standard practice to protect merchant data at all times. Information is protected both as it is sent and as it is received, for example, when an invoice is generated for a Shopify transaction or when product images are uploaded in bulk across a store's catalog. To achieve this, we apply several layers of protection across our apps and services.
- We use encryption so that no part of a transaction is readable by anyone other than the parties at each end of the exchange. This means data can move securely without the risk that a third party could intercept some or all of it. Encryption also confirms that data is not altered as it travels from point to point, so what is received matches exactly what was sent. Shoptopus uses a minimum of 128-bit encryption, and this requirement extends to the vendors that host Shoptopus member data.
- To keep transactions secure, a protected connection is established between the two parties before any data is exchanged. The party initiating a transaction must verify their identity beforehand, typically through user IDs or account numbers combined with passwords or PINs. Encryption certificates are also used to confirm that both servers and users are genuine. System administrators govern access by granting users different permission levels for applications and data, with those levels set by senior management and tied to each role, so that access to applications and particular transaction types is only provided where a person's job actually requires it.
- Multi-factor authentication (MFA) strengthens security by requiring more than one form of verification before a transaction is allowed. This layered approach makes it considerably harder for an unauthorized person to gain entry, helping to guard against data theft and fraud.
- Firewalls protect our internal systems from threats originating on the Internet, and also shield those systems when they connect to vendor networks. Firewall software and configurations are reviewed on a regular basis to keep protection at its strongest, and an audit log records every attempt to reach blocked services. Firewalls and other access controls are used as needed to restrict connections to sites or services considered inappropriate. Where a solution is hosted by a vendor, its firewall is reviewed before it is put into use.
- As part of our commitment to your privacy and security, we operate a comprehensive network security setup. It includes a firewall that stops outside parties from reaching protected servers without authorization, and it blocks attempted virus attacks using network-level anti-virus software that updates automatically and regularly. Email is scanned before delivery to further reduce the chance of a virus entering through that route. Traffic within the network is governed by its own rules and restrictions, and firewall technology channels outside parties only to approved internal resources, permitting, for instance, ordinary web browsing while blocking administrative traffic. This approach greatly lowers the risk of anyone gaining unauthorized access to a protected server.
- Shoptopus is committed to maintaining strong physical security for all of its data and hardware. Sensitive data, hardware, and software are kept in secured infrastructure with controlled, access-restricted entry that is monitored throughout the day, and only a limited number of authorized personnel can reach these resources. It is our practice to change administrative passwords and immediately revoke access privileges whenever there is a change among technical staff. In addition to primary storage, Shoptopus keeps backups of critical systems data and replicated storage in a separate, secure off-site location, ensuring information remains available in the event of a disaster or other critical situation.
- All technical staff are trained and review every procedure at least once a year.
- Staff passwords on host processing systems expire on a fixed schedule. This control, combined with a strict Shoptopus policy that forbids users from sharing or disclosing their passwords, is designed to prevent unauthorized access to systems and data. When a change in a staff member's status is received from management, access codes are promptly removed from the relevant systems.
- Shoptopus recognizes that e-commerce security risks evolve constantly. New threats to security, safety, and accuracy emerge regularly, and vendors release updates and patches to address them. To support the ongoing maintenance of key security components, Shoptopus engages, at regularly scheduled intervals, in review and oversight with recognized experts in e-commerce security. These specialists may also provide technical guidance as new e-commerce features are introduced, helping ensure existing systems stay safe and secure. Through this work, Shoptopus maintains the high level of security required for continued success in a constantly changing environment.
- Shoptopus relies on a range of secure data communication methods to ensure information is always transferred safely and reliably. Data transmissions are secured, encrypted, and/or password protected as appropriate.
Identifying Sensitive Data
The aim of data loss prevention (DLP) is to detect and stop the unauthorized access, use, or disclosure of sensitive information. DLP enables an organization to control what information leaves it and how that information is handled once it does, and it can work alongside encryption to add further protection. The first step in DLP is to identify all confidential, restricted, and highly restricted data throughout the application and across its three states, data in transit, data at rest, and data in use. Once that information has been mapped, Shoptopus defines the scope within which the DLP solution will operate. For each data set, we assess whether applying a DLP product is an efficient use of resources, whether the data is non-sensitive, or whether DLP would meaningfully strengthen how that data is secured.
Response Program
If Shoptopus suspects or detects that an unauthorized individual has gained access to member information systems, it will report the incident to the appropriate regulatory and law enforcement authorities in line with Shoptopus's information security response procedures.
Compliance
Shoptopus is committed to protecting your privacy and to making sure you have an excellent experience with our products. We take our responsibilities as a data-sensitive organization seriously and are guided by the mandatory compliance standards set by governments and industry regulators.
Contact Us
If you have any questions about this Data Loss Prevention policy or about how Shoptopus safeguards your data, please reach out to us at support@shoptopus.info.