Privacy

Privacy Policy

Last updated: March 2026

Introduction

IPK Logistics ("we", "our", "the app") is a Shopify embedded application that helps merchants manage warehouse operations including bin locations, picking rounds, and order fulfillment. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and what happens when you uninstall the app.


Data We Collect

Merchant and Staff Data (from Shopify OAuth)

When you install the app, Shopify provides us with session data for authentication purposes:

  • Store domain (e.g. your-store.myshopify.com)
  • Staff user first name, last name, and email
  • Staff user ID
  • OAuth access token and refresh token

This data is managed by the Shopify session storage system and is used solely for authenticating API requests on your behalf.

Operational Data (created by app usage)

As you use the app, we store operational data needed to run the service — including your shop configuration, picking rounds, order references, fulfillment records, and container assignments. This data contains Shopify order IDs and order names but does not include any customer personal information.

Product Data (read-only, not stored)

During picking and fulfillment, the app reads product information (titles, SKUs, barcodes, images) from Shopify in real time. This data is displayed in the app but is never stored in our database.

Tracking Information (not stored)

When you fulfill an order, tracking details are sent directly to Shopify. We do not store tracking numbers or carrier information.


Data We Do NOT Collect

We do not access, collect, or store any personal data belonging to your customers — including names, emails, phone numbers, addresses, or payment information.

Our Shopify API permissions are limited to order processing and product management. We do not request or use any customer data scopes.


How We Use Your Data

We use your data exclusively to provide the app's core functionality — authentication, subscription management, warehouse operations (picking rounds, fulfillments, bin locations), and container tracking.

We do not sell, share, or transfer your data to any third parties. We do not use your data for analytics, marketing, or any purpose beyond delivering the service.


Data Retention

  • Active operational data (picking rounds, fulfillments, containers): retained for 6 months from creation. After 6 months, data is available for download before deletion.
  • Shop configuration: retained as long as the app is installed. After uninstallation and Shopify redaction, the shop record is kept for billing audit purposes with no operational data attached.
  • Session data: deleted immediately upon app uninstallation.

What Happens When You Uninstall

When you uninstall IPK Logistics:

  1. Immediately deleted: All authentication sessions and staff credentials are permanently removed.
  2. Deleted within 48 hours: All operational data is permanently deleted once Shopify sends the mandatory shop redaction request.
  3. Kept for audit: Only subscription and billing records are retained for accounting compliance.
  4. Remains in your Shopify store: Bin location metafields on your products belong to you and are not deleted. They survive app uninstallation.

GDPR Compliance

We implement all mandatory Shopify compliance webhooks:

  • Customer data requests and erasure: Since we do not store any customer personal data, there is nothing to return or delete.
  • Shop data erasure: Upon request, we permanently delete all operational data associated with your store.

Cookie Policy

This website uses cookies only when they are needed to provide the site or to remember your cookie choices. Google tags are initialized with Consent Mode defaults that deny analytics and advertising storage unless you choose to enable them.

Cookies we use

  • ipk_cookie_consent - remembers your cookie preferences, including the consent version and the time you made your choice. Duration: up to 180 days.
  • ipk_platform - remembers the selected commerce platform experience when platform selection is used. Duration: up to 365 days.

Optional categories

  • Necessary - required for consent storage, platform selection, security, and basic site delivery. This category is always enabled.
  • Analytics - helps us understand aggregate website usage. This is denied by default in Google Consent Mode and only becomes granted after you accept analytics cookies.
  • Marketing - allows advertising measurement or retargeting pixels. This is denied by default in Google Consent Mode and only becomes granted after you accept marketing cookies.

Third-party services

We use Google tags with Consent Mode v2. The Google tag is initialized with advertising and analytics storage denied by default, and the state is updated only after you make a choice in the cookie banner. Meta Pixel and other optional marketing pixels only load after you accept the relevant optional category.

Links to websites such as the Shopify App Store or the IPK Logistics hub may take you to other websites with their own cookie and privacy practices.

Managing your choices

The cookie banner lets you Accept all, Reject all, or Manage preferences. Analytics and marketing are never pre-selected. You can reopen Cookie Preferences from the footer at any time.


Data Security

  • All data is encrypted in transit (HTTPS/TLS) and at rest
  • API tokens are stored securely with automatic rotation
  • All webhook requests are verified using cryptographic signatures

Contact

For any privacy-related questions or data requests, contact us at: support@ipk-logistics.com