Privacy Policy

Last updated: January 2025

1. Introduction

EcomifyApps ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard information when you use our Shopify applications, including ShipSafe.

This policy applies to merchants who install our apps, their staff members, and end customers whose data may be processed through our services.

2. Information We Collect

2.1 Data from Shopify API

When you install our apps, we access the following data through Shopify's API:

• Order information: Order ID, order number, shipping address (street, city, postal code, country, phone number)
• Shop information: Store name, domain, and email address
• Customer information: Customer name and email (only for order-related communications)

2.2 Data from Merchants

During installation and use, we may collect:

• Email address for account notifications
• App configuration preferences

2.3 Technical Data

We automatically collect:

• IP address (for security and fraud prevention)
• Browser type and version
• Session timestamps

2.4 What We Don't Collect

• Payment or credit card information
• Customer browsing behavior on your store
• Browser fingerprints or tracking identifiers
• Data beyond what's necessary for our services

3. How We Use Information

We use the collected information for the following purposes:

• Service delivery: Validating shipping addresses, applying risk scores, and tagging orders
• Customer communication: Sending address confirmation emails on your behalf via Shopify Flow
• Analytics: Providing merchants with dashboard statistics and reports
• AI assistance: Generating address analysis suggestions (using third-party AI services)
• Service improvement: Debugging, error tracking, and feature development

We do not use your data for marketing purposes or sell it to third parties.

4. Data Storage and Security

• Location: All data is stored in the European Union (Railway EU infrastructure)
• Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access tokens: Shopify access tokens are encrypted and never logged
• Infrastructure: We use secure, professionally managed cloud infrastructure

5. Data Retention

We retain data for the following periods:

• Order evaluation data: 90 days by default (configurable in app settings)
• Address confirmation tokens: 7 days after creation
• Analytics data: 12 months
• Account data: Until you uninstall the app

When you uninstall an app, all your data is permanently deleted within 30 days.

6. Third-Party Services

We use the following third-party services to operate our apps:

• Shopify: Platform integration, billing, and email delivery via Shopify Flow
• Railway: Infrastructure hosting (EU region)
• DeepSeek: AI-powered address analysis (data is processed but not stored)
• AWS SES: Backup transactional email delivery

We have data processing agreements in place with our service providers. We do not share your data with third parties for marketing purposes.

7. International Data Transfers

Your data is primarily stored in the EU. When data is processed by third-party services outside the EU (such as AI analysis), we ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable.

8. Your Rights

8.1 GDPR Rights (EU/EEA)

If you're in the European Union or European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Export your data in a machine-readable format
• Objection: Object to certain types of processing
• Withdraw consent: Where processing is based on consent

8.2 CCPA/CPRA Rights (California)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising privacy rights

8.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@ecomifyapps.com. We will respond within 30 days.

9. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

• Contract performance: Processing necessary to provide our services
• Legitimate interests: Analytics, security, and service improvement
• Consent: Where you have given explicit consent
• Legal obligations: Compliance with applicable laws

10. Cookies

Our apps use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics on customer-facing pages.

11. Children's Privacy

Our apps are business applications not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page
• Updating the "Last updated" date
• Sending an email notification for material changes

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

Email: privacy@ecomifyapps.com

Data Protection Officer: dpo@ecomifyapps.com

Address: EcomifyApps, Sweden