Cloudshelf only accesses the product information that is already publicly available on your website, and it does so in read-only mode, so there is no risk to your data, your customers or your payments.
No customer data, so no GDPR issues
Cloudshelf data depends on where the screen is located, not who is using it. So Cloudshelf has no need to access your customer data, and therefore there is no risk of leaking it.
When a customer wants to buy a product, we instruct Shopify to create a basket using your existing Shopify customer and payment infrastructure. The customer enters their details via a page on your website, storing their details in your existing data infrastructure. Cloudshelf has no visibility on this data, and only knows that a transaction was offered.
No write-access, so no risk to your website
Cloudshelf needs to present the data you have already entered in your website. All customisations of this data for presentation on Cloudshelves is done on our own infrastructure, and therefore we do not need any write access to your existing Shopify website, so with no write access, there is no way for us to damage your website or data.
No payment, so no additional risk of fraud
Shoppers using Cloudshelf carry out the payment via your existing payment gateway, and with your existing payment providers, in exactly the same way as a customer would if they were buying something on your website. Therefore there is no additional risk on payments.
Note - in due course, we may introduce features that require some customer data or write access. We will discuss this with you before doing so.