Privacy Policy

**Introduction**
This Privacy Policy explains how our SMS Platform collects, uses, and protects personal data from merchants and their customers.

**Data We Collect**

**From Merchants:**
– Store information (name, URL, contact details)
– App settings and preferences
– Webhook configuration data

**From Merchant’s Customers:**
– Customer names and phone numbers (for SMS delivery)
– Order details (order ID, status, total amount)
– Shipping addresses (for order context only)
– Order timestamps and status updates

**Purpose of Data Processing**
We use collected data exclusively for:
– Sending order status notifications via SMS
– Providing order confirmation services
– Service operation and improvement
– Legal compliance obligations

**Specific Information for Shopify Merchants**

**Compliance Webhooks & Data Rights:**
Our app implements mandatory Shopify compliance webhooks to protect your data rights:
– **App Uninstalled**: Automatically deletes your store connection data when you uninstall
– **Shop Update**: Updates your store information when changes occur
– **Customer Data Requests**: Provides customer data reports upon request (GDPR)
– **Customer Data Redaction**: Permanently deletes customer data upon request (GDPR)

**Data Access from Your Shopify Store:**
– Order Data: Order details, customer information, shipping addresses
– Customer Data: Names, phone numbers, email addresses
– Store Information: Store name, domain, basic settings

**Our Commitment to Platforms Merchants:**
– We DO NOT sell your customer data
– We DO NOT use data for marketing beyond your store notifications
– We DO NOT share data with third parties except essential service providers
– We DO protect your data with industry-standard security measures

**Data Protection & Security**

**Enhanced Security Measures:**
– HTTPS encryption for all data in transit
– HMAC signature verification for all webhooks
– Secure webhook payload validation
– Regular security audits and monitoring
– Compliance with Shopify’s security standards

**Data Retention:**
– SMS message logs: 90 days maximum
– Webhook processing records: 24 hours only
– Customer data: Processed upon request, not stored long-term
– Store connection data: Immediately deleted upon app uninstallation
– Order data: Processed in real-time with minimal storage

**Data Processing Procedures:**
– **Real-time Processing**: Order data is processed immediately and not stored
– **Minimal Storage**: We store only essential data required for SMS delivery
– **Automatic Cleanup**: Regular automated deletion of temporary data
– **GDPR Compliance**: Full support for data access and deletion requests

**Data Sharing & Third Parties**
We do not sell or rent personal data to third parties. We may share data with:
– SMS Service Providers: Only phone numbers and message content for delivery
– Payment Processors: For subscription billing (Stripe)
– Legal Authorities: When required by law

**Your Rights**
You have the right to:
– Access your personal data
– Correct inaccurate data
– Request data deletion
– Object to data processing
– Data portability
– Withdraw consent

**Contact Information**
For privacy-related questions, data requests, or concerns:
Email: info@smart2group.net

**Policy Updates**
We may update this policy to reflect changes in our practices. Continued use of our App after changes constitutes acceptance of the updated policy.