Privacy Policy

SmartShip ZA ("the App") is a Shopify carrier service application developed by Buntu Tomson ("I", "me", "my"). This Privacy Policy explains what information I collect, how I use it, and your rights regarding that information.

By installing and using SmartShip ZA, you ("the Merchant") agree to the practices described in this policy.

From Shopify merchants (store owners):

• Store domain - e.g. your-store.myshopify.com is used to identify your installation
• Access token - the OAuth token Shopify provides, used to call the Shopify Admin API on your behalf
• Store details - email address, currency, timezone, and Shopify plan name, fetched from the Shopify Admin API on install
• Subscription data - billing plan, subscription status, trial period details

From carrier rate requests (when customers check out):

• Destination postal code - the only field used to calculate the shipping rate
• Destination city - logged alongside the postal code for debugging purposes

I do not collect customer names, email addresses, phone numbers, physical addresses, payment information, IP addresses, or any other personally identifiable information about your customers.

• To provide the carrier rate calculation service to your Shopify checkout
• To register and maintain the carrier service on your store
• To manage your subscription and billing via the Shopify Billing API
• To identify unrecognised postal codes and improve our coverage
• To respond to support requests
• To comply with legal obligations including GDPR and POPIA

I do not sell, rent, or trade your data to third parties.

Data may only be shared with:

• Shopify Inc. - as required by the Shopify App Store terms. Shopify processes your store data to facilitate the OAuth authentication and billing flows.
• My hosting provider - infrastructure only, they have no access to application data.

• Session and store data - retained while the app is installed. Deleted within 48 hours of uninstall upon receipt of the shop/redact GDPR webhook from Shopify.
• Rate request logs - retained for up to 90 days for debugging, then automatically deleted.
• Subscription records - retained for 12 months after cancellation for financial record keeping, then deleted.

I process personal data under the following legal bases:

• Contract - processing your store domain and access token is necessary to provide the service you have contracted
• Legitimate interest - logging rate requests to improve the app and debug delivery issues

You have the right to:

• Request a copy of data I hold about your store
• Request deletion of your data (uninstalling the app triggers automatic deletion)
• Object to processing for legitimate interest purposes

To exercise these rights, contact me at support@smartshipza.co.za.

I use industry standard security measures including encrypted connections (HTTPS/TLS), encrypted database storage, and restricted access controls. Access tokens are stored encrypted and never logged in plain text.

I may update this Privacy Policy from time to time. I will notify merchants of material changes via the app dashboard. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

For privacy questions or data requests, contact me at:

support@smartshipza.co.za