We built the protection we wished existed

Over those eight years, the ViralPilot team worked with dozens of Shopify and custom-built stores. The same problem came up over and over: merchants were creating new-customer-only products — trial boxes, intro offers, welcome kits — and the same people kept buying them.

The abuse was obvious once you looked at the data. One customer buying the $5 trial box four times with four Gmail variations. Guest checkouts from the same phone number. Different emails, same shipping address, same device. Every store had it. None of them had a real way to stop it at checkout.

Shopify's built-in “limit one per customer” checks the email on the account. That's it. A different email, a guest checkout, a Gmail dot trick — and the discount works again. We watched this cost our clients thousands every month.

We looked for a solution. What we found were apps that either worked on discount codes only (not the product itself), ran JavaScript in the browser (bypassable with incognito), or acted post-purchase (money and product already gone).

No one was blocking the actual purchase at checkout. No one was normalizing emails, cross-referencing phone numbers, fuzzy-matching addresses, and checking device fingerprints — all before the order is placed — to decide whether a customer should be allowed to buy a specific product.

That gap is why OfferGuard exists.

OfferGuard runs inside Shopify's Checkout Extensions API. When a customer tries to buy a protected product, we check five identity signals in parallel:

• Email normalization — strips Gmail dots, plus aliases, resolves domain aliases
• Phone number matching — ties different emails to the same phone
• Address fuzzy matching — catches variations of the same shipping address
• IP address validation — detects the same network across different identities
• Device fingerprinting — identifies the same browser across sessions

The entire check runs in under 50 milliseconds. The customer never notices. If they're a repeat buyer, the checkout is blocked and they see a clear, non-accusatory message. They can still purchase other products in the store.

This all happens server-side. No cookies to clear. No JavaScript to disable. No incognito workaround.

Before OfferGuard, the ViralPilot team designed, built, and maintained custom ecommerce platforms for established online retailers. We worked on checkout flows, payment integrations, fraud detection, order management, and the infrastructure that keeps high-volume stores running.

That experience shaped how we built OfferGuard. We know what breaks at scale. We know what merchants need from their tools — reliability, speed, and clear reporting without false positives that block real customers.

ViralPilot is based in Germany. We take data privacy seriously — not as a feature, but as a baseline. OfferGuard processes only the data Shopify already collects at checkout, and we comply fully with GDPR. Our Data Processing Agreement is available to every customer.

Shopify has excellent fraud prevention for payment fraud — stolen credit cards, chargebacks, suspicious transactions. But product-level purchase enforcement — ensuring a trial box, intro offer, or welcome product is only bought once per person — was a blind spot.

Riskified estimates that promo abuse costs businesses $89 billion globally per year. Yet when we searched the Shopify App Store, there was nothing that enforced product-level purchase restrictions at checkout with real identity matching. That is the market gap we set out to close.

Today, OfferGuard protects stores from their first discounted order. The free Watchdog plan gives every merchant email normalization at checkout — enough to see how much abuse is actually happening. For stores that need the full picture, the Sentinel and Fortress plans add phone, address, IP, and device detection.