How can I protect a flow from changes, misuse, or copying?

Shopify Plus

Topic summary

Protecting Shopify Flow workflows from changes, misuse, or copying.

  • Current status: No built-in way to lock or hide individual workflows beyond restricting who can access the Flow app. No plans or timeline were shared.

  • Suggested controls: Per-workflow visibility settings—private (only creator can see/edit), shared (choose users), and public (default). Admins could disable/delete but not see/edit. A simple password option was also proposed. Goal: let partners protect their IP and avoid duplication by other collaborators.

  • Shopify’s concerns: Partner–merchant control is complex; partners currently cannot create workflows they fully control within a merchant’s store, reducing the value of strict visibility controls. Fully hiding workflows is risky for merchants because it complicates troubleshooting and can interfere with other builds.

  • Merchant/partner impact: Agencies hesitate to build advanced flows due to copying risk, opting to create unlisted apps instead—effective but more costly for merchants.

  • Status: No solution adopted. Shopify requested context (agency vs. app). The conversation remains open with unresolved questions about feasible privacy/security options for Flow.

Summarized with AI on January 3. AI used: gpt-5.
1

Hi,

I would like to protect a flow from changes / misuse / copy. Is there any way to do this?
Any plans for this in the future?

/Kim

2

Not currently, other than limiting which users can access the Flow app. How would you want to do that ideally?

3

Hi Paul, thanks for the quick reply!

Ideally the option to make a setting on any flow:

-private (only creator can see and edit)

-shared (select users that can see/edit)

-public (default, everybody with access to flow can see/edit)

Admin can always disable or delete (but not see/edit)

The above would also make it more interesting for partners to create more advanced flows for clients (avoiding duplication by other collaborators).

…but I would also be happy with a simple password protection :blush:

/Kim

1 Like
4

The merchant-partner angle is more complicated. Are you an agency partner or an app?

A couple of quick reactions:

Currently partners cannot build workflows for merchants that the partner fully controls. So there isn’t much use in worrying about visibility.

For merchants, it’s dangerous to fully hide workflows because they can impact what other people build and cause issues troubleshooting.

5

I’m asking for a friend :upside_down_face:

Flow is so powerful - but not many merchants can use flow.

An agency partner could solve a lot of things creating personalised flows for merchants… but they hold back because they see the work being copied by other collaborators. They end up building unlisted apps instead - which works perfectly, but is more expensive for the merchants.

I totally see the issue with private flows. Bad creators would be able to do bad stuff… but don’t let the bad people win (it is only 4%).

I don’t have a perfect solution, but I think flow could be even bigger with some sort of privacy/security option.