Bean Merchant Roaster Data Sharing Agreement
Effective Date: January 2025
This Agreement governs the data sharing relationship between you (“Roaster”, “you”) and Bean Merchant Limited (“Bean Merchant”, “we”, “us”) when connecting your Shopify store to the Bean Merchant marketplace.
1. Grant of Access
By connecting your Shopify store via OAuth, you grant Bean Merchant permission to:
| Permission | Purpose | Scope |
|---|---|---|
| read_products | Import your coffee products to Bean Merchant | Read only |
| write_products | Update product tags/metafields if needed | Limited writes |
| read_inventory | Sync stock levels to prevent overselling | Read only |
| read_orders | Read order status for fulfillment tracking | Read only |
| write_orders | Create draft orders for Bean Merchant purchases | Create drafts only |
| read_fulfillments | Track shipping status | Read only |
| write_fulfillments | Mark orders as fulfilled if needed | Limited writes |
2. What We Will Do
- ✓ Import and display your selected products on Bean Merchant
- ✓ Keep inventory synchronised to prevent overselling
- ✓ Create draft orders in your Shopify when customers purchase
- ✓ Track fulfillment and update customers on shipping
- ✓ Securely store your OAuth credentials using encryption
- ✓ Only access data necessary for marketplace operations
3. What We Will NOT Do
- ✗ Access or modify your customer data beyond order fulfillment
- ✗ Share your data with third parties for marketing
- ✗ Modify your products without your approval
- ✗ Access your payment or financial information
- ✗ Store unencrypted sensitive credentials
- ✗ Continue accessing your store after disconnection
4. Your Responsibilities
As a connected roaster, you agree to:
- Keep your Shopify product data accurate and up-to-date
- Fulfill orders created via Bean Merchant in a timely manner
- Maintain adequate stock levels or enable inventory sync
- Notify us of any issues with the connection
- Comply with Shopify’s Terms of Service
5. Data Security
We implement the following security measures:
- AES-256 Encryption: All OAuth tokens stored encrypted at rest
- TLS/SSL: All data transmitted over HTTPS
- HMAC Verification: OAuth callbacks cryptographically verified
- Access Controls: Role-based access to sensitive data
- Audit Logging: Security events logged for monitoring
- Rate Limiting: Protection against abuse
6. Disconnection
Either party may terminate this connection at any time.
You can disconnect by:
- Using the “Disconnect” button in your Bean Merchant dashboard
- Uninstalling the Bean Merchant Sync app from Shopify
- Contacting us at contact@beanmerchant.co.nz
Upon disconnection:
- OAuth tokens are immediately deleted
- We stop accessing your Shopify store
- Your products are delisted from Bean Merchant
- Pending orders will still be honored
- Order history retained for 7 years (legal requirement)
7. Liability
- Bean Merchant is not liable for data issues caused by Shopify API changes
- You remain responsible for your product data accuracy
- We will promptly notify you of any data breaches affecting your information
8. Governing Law
This Agreement is governed by the laws of New Zealand. Any disputes will be resolved in the courts of New Zealand.
9. Acceptance
By clicking “Connect with Shopify” and completing the OAuth authorization, you acknowledge that you have read, understood, and agree to this Data Sharing Agreement and our Privacy Policy.
Bean Merchant Limited
New Zealand Business Number: 9429048286404
Contact: contact@beanmerchant.co.nz