Last updated: February 4, 2026
Axyom Risk Scanner collects only the data necessary to perform security scans:
We do not access customers, orders, products, pricing, or any personally identifiable information (PII) belonging to your customers.
We use your store domain to perform a lightweight, server-to-server security scan of publicly visible endpoints. The resulting risk score and scan timestamp are stored as metafields on your Shopify shop resource.
Scan results (risk score and last scan date) are stored in your Shopify shop metafields under the axyom.risk namespace. You retain full ownership of this data. We also maintain a session record required for Shopify OAuth authentication.
We do not sell, rent, or share your data with third parties. Scan requests are processed by Axyom Cyber Partners S.L. infrastructure and are not forwarded to any external service.
When you uninstall the app, all session data is deleted automatically. Metafields stored on your shop resource are owned by Shopify and removed when the app is uninstalled. You can also request data deletion at any time by contacting us.
Axyom Risk Scanner does not use cookies or tracking scripts on your storefront. The app operates entirely within the Shopify Admin embedded experience and makes server-to-server API calls only.
For privacy-related questions or data deletion requests, contact us at info@axyom.es.
Axyom Cyber Partners S.L.