This Privacy Policy describes how OrderAttach ("we", "our", or "us") collects, uses, and protects information when you use our Shopify application. We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR and CCPA.
2. Information We Collect
2.1 Merchant Information
Shop domain and store name
Email address and contact information
Shopify access tokens (encrypted)
App configuration settings
Subscription and billing information
2.2 Customer Information
Files uploaded by customers (images, PDFs, etc.)
Order IDs associated with uploaded files
Customer email addresses and names (when available from orders)
Service Delivery: To provide file upload functionality and associate files with orders
Storage Management: To store and manage uploaded files securely
Billing: To process subscription payments and manage your account
Support: To respond to your inquiries and provide technical assistance
Improvement: To analyze usage patterns and improve our service
Compliance: To comply with legal obligations and enforce our terms
4. Data Storage and Security
4.1 File Storage
Uploaded files are stored on Cloudflare R2, a secure cloud storage service with enterprise-grade encryption. Files are stored in geographically distributed data centers with redundancy and backup.
4.2 Database
Metadata and application data are stored in a secure database hosted on Railway with encryption at rest and in transit (TLS/SSL).
4.3 Security Measures
All data transmissions use HTTPS/TLS encryption
Access tokens and sensitive credentials are encrypted
Regular security audits and updates
Access controls and authentication mechanisms
5. Data Retention
Free Plan: Files are retained for 30 days from upload date
Pro Plan: Files are retained for 180 days from upload date
After Uninstall: All merchant data is deleted within 48 hours of app uninstallation
Logs: System logs are retained for 90 days for security and debugging purposes
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal information. We only share data with:
Shopify: As required for app functionality and billing
Cloudflare: For file storage services (R2)
Railway: For application hosting and database services
Legal Authorities: When required by law or to protect our rights
All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.
7. Your Rights (GDPR & CCPA)
You have the right to:
Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Portability: Receive your data in a structured, machine-readable format
Objection: Object to processing of your data
Restriction: Request restriction of processing
To exercise these rights, please contact us at wswnfw9527@gmail.com. We will respond within 30 days.
8. GDPR Compliance
We comply with GDPR requirements through:
Automated Data Deletion: Webhooks automatically process data deletion requests
Data Minimization: We only collect data necessary for service functionality
Consent: Merchants explicitly consent when installing the app
Transparency: This privacy policy clearly explains our data practices
Security: Industry-standard encryption and security measures
9. Cookies and Tracking
We use essential cookies for authentication and session management. We do not use tracking cookies or third-party analytics that collect personal information.
10. Children's Privacy
Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs) with service providers
Compliance with EU-US Data Privacy Framework principles
Encryption during transit and at rest
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
Updating the "Last updated" date at the top of this page
Sending an email notification to registered merchants
Displaying a notice in the app dashboard
Continued use of the app after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
This app is built on the Shopify platform. Shopify's own privacy policy also applies to data processed through their platform. You can review Shopify's privacy policy at https://www.shopify.com/legal/privacy.