TinyOps

Security

Last updated: June 4, 2026

Security is core to TinyOps. We process store and customer data only to deliver the app’s features, and we apply the safeguards below to protect it. This page also describes how we respond to security incidents.

Data protection

  • Encryption in transit: all traffic uses HTTPS/TLS.
  • Encryption at rest: our PostgreSQL database and object storage encrypt data at rest.
  • Private networking: the database is reachable only over a private network and is not publicly exposed.
  • Secrets management: credentials and API keys are stored as environment secrets, never committed to source code.

Access control

  • Least privilege & minimal scopes: TinyOps requests only the Shopify permissions it needs (orders, products, inventory). Protected customer data (name, email, address) is accessed only to deliver the features you enable.
  • Admin authentication: our internal support panel is protected by Google Sign-In restricted to an explicit allowlist of authorized staff — no shared passwords.
  • Access logging: administrative sign-ins and privileged actions are recorded in an audit log.
  • Scoped tokens: Shopify access tokens are stored securely and used only server-side.

Sub-processors

We use a small set of reputable providers (Shopify, Railway, Resend, Cloudflare, Google) to run the Service. The current list and their purposes are in our Privacy Policy.

Data retention

We retain your data only while TinyOps is installed and delete it shortly after uninstall (typically within 48 hours), and we honor Shopify’s mandatory customer/shop data-deletion webhooks. See the Privacy Policy for details.

Incident response

If we become aware of a security incident affecting personal data, we follow this process:

  • Detect & triage: investigate the report or alert and assess scope and severity.
  • Contain: take immediate steps to stop the incident — e.g. revoking credentials, isolating affected systems.
  • Assess: determine what data and which merchants were affected.
  • Notify: notify Shopify and affected merchants without undue delay and consistent with applicable law; we support merchants in any required notifications to their customers.
  • Remediate & review: fix the root cause and conduct a post-incident review to prevent recurrence.

Responsible disclosure

If you believe you’ve found a security vulnerability in TinyOps, please email tinyops@thewiseroad.com with details. We will acknowledge your report, investigate promptly, and keep you informed. Please give us a reasonable opportunity to address the issue before any public disclosure.

Contact

WiseRoad Solutions, LLC
Email: tinyops@thewiseroad.com