Dear Shopify Audit Team,
I’m writing in response to the recent compliance communication regarding my store (modna.sk), specifically the mandatory implementation of a security patch.
While I fully respect Shopify’s efforts to maintain high platform standards, I would like to raise some concerns about how this process has been handled:
-
I was contacted by an assigned “expert” who initially presented the patch as a paid solution ($60) with no mention of an officially supported free alternative. Only after multiple follow-ups did they confirm that I could implement the changes myself, although no clear technical documentation was provided.
-
I was asked to create or provide an alternative Gmail address not linked to my Shopify or Upwork accounts, allegedly for the purpose of receiving a contract. This request came from a freelancer who was not identity-verified on Upwork at the time, and the message raised additional questions about security and transparency.
-
After expressing concern, I was told I could instead proceed using my existing Upwork account — which makes the original Gmail request even more questionable.
I want to comply fully with Shopify’s standards and maintain the integrity of my store. However, I believe these redirections outside verified systems (Shopify Experts, official support, or Upwork-protected workflows) warrant your attention.
I would greatly appreciate clarification on the following:
-
Is the patch indeed mandatory for continued compliance and visibility?
-
Is there an officially documented, secure method for applying it — preferably through a verified Shopify channel?
-
Are these developer interactions formally monitored or sanctioned by Shopify?
Thank you for your time and for helping to ensure a safe and fair process for small businesses like mine.
Best regards,
Inna Pozharska
Owner, modna.sk
