Privacy Policy

Introduction

IPK Logistics ("we", "our", "the app") is a Shopify embedded application that helps merchants manage warehouse operations including bin locations, picking rounds, and order fulfillment. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and what happens when you uninstall the app.

Data We Collect

Merchant and Staff Data (from Shopify OAuth)

When you install the app, Shopify provides us with session data for authentication purposes:

• Store domain (e.g. your-store.myshopify.com)
• Staff user first name, last name, and email
• Staff user ID
• OAuth access token and refresh token

This data is managed by the Shopify session storage system and is used solely for authenticating API requests on your behalf.

Operational Data (created by app usage)

As you use the app, we store operational data needed to run the service — including your shop configuration, picking rounds, order references, fulfillment records, and container assignments. This data contains Shopify order IDs and order names but does not include any customer personal information.

Product Data (read-only, not stored)

During picking and fulfillment, the app reads product information (titles, SKUs, barcodes, images) from Shopify in real time. This data is displayed in the app but is never stored in our database.

Tracking Information (not stored)

When you fulfill an order, tracking details are sent directly to Shopify. We do not store tracking numbers or carrier information.

Data We Do NOT Collect

We do not access, collect, or store any personal data belonging to your customers — including names, emails, phone numbers, addresses, or payment information.

Our Shopify API permissions are limited to order processing and product management. We do not request or use any customer data scopes.

How We Use Your Data

We use your data exclusively to provide the app's core functionality — authentication, subscription management, warehouse operations (picking rounds, fulfillments, bin locations), and container tracking.

We do not sell, share, or transfer your data to any third parties. We do not use your data for analytics, marketing, or any purpose beyond delivering the service.

Data Retention

• Active operational data (picking rounds, fulfillments, containers): retained for 6 months from creation. After 6 months, data is available for download before deletion.
• Shop configuration: retained as long as the app is installed. After uninstallation and Shopify redaction, the shop record is kept for billing audit purposes with no operational data attached.
• Session data: deleted immediately upon app uninstallation.

What Happens When You Uninstall

When you uninstall IPK Logistics:

1. Immediately deleted: All authentication sessions and staff credentials are permanently removed.
2. Deleted within 48 hours: All operational data is permanently deleted once Shopify sends the mandatory shop redaction request.
3. Kept for audit: Only subscription and billing records are retained for accounting compliance.
4. Remains in your Shopify store: Bin location metafields on your products belong to you and are not deleted. They survive app uninstallation.

GDPR Compliance

We implement all mandatory Shopify compliance webhooks:

• Customer data requests and erasure: Since we do not store any customer personal data, there is nothing to return or delete.
• Shop data erasure: Upon request, we permanently delete all operational data associated with your store.

Data Security

• All data is encrypted in transit (HTTPS/TLS) and at rest
• API tokens are stored securely with automatic rotation
• All webhook requests are verified using cryptographic signatures