At AddToQuote ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and related services.
1. Information We Collect
1.1 Information You Provide
We collect information you voluntarily provide when you:
- Install and configure our Shopify application
- Create quote requests through our platform
- Contact our customer support team
- Subscribe to our services or newsletters
- Communicate with us via email, phone, or other channels
This information may include: name, email address, company name, phone number, billing information, and any other details you choose to provide.
1.2 Information from Shopify
When you install AddToQuote on your Shopify store, we access and process the following data through the Shopify API:
- Store Information: Store name, domain, email, currency, timezone, and plan details
- Product Data: Product titles, descriptions, prices, images, variants, and inventory
- Collection Data: Collection names, handles, and associated products
- Customer Information: Names, email addresses, and contact details for customers who submit quote requests
- Order Information: Order details when quotes are converted to orders
1.3 Automatically Collected Information
We automatically collect certain information when you use our service:
- Device information (browser type, operating system)
- IP address and approximate location
- Usage data (pages visited, features used, time spent)
- Referral source and navigation patterns
2. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide, operate, and maintain our quote management services
- Communication: To send quote notifications, updates, and customer communications
- Improvements: To analyze usage patterns and improve our application
- Support: To respond to inquiries and provide customer assistance
- Billing: To process subscription payments through Shopify
- Compliance: To comply with legal obligations and enforce our terms
3. Data Sharing and Disclosure
We do not sell your personal information. We may share your data with:
3.1 Service Providers
- Supabase: Database hosting and management (PostgreSQL)
- Amazon Web Services (AWS): Email delivery (SES) and file storage (S3)
- Shopify: E-commerce platform integration and billing
3.2 Legal Requirements
We may disclose information when required by law, legal process, or government request, or to protect our rights, privacy, safety, or property.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
4. Data Security
We implement robust security measures to protect your data:
- Encryption in Transit: All data transmitted using TLS 1.2+ encryption
- Encryption at Rest: Sensitive data encrypted using AES-256-GCM
- Access Controls: Role-based access with strong authentication
- Secure Infrastructure: Hosted on SOC 2 compliant platforms
- Regular Audits: Periodic security assessments and monitoring
5. Data Retention
We retain your information as follows:
- Active Accounts: Data retained while your account is active
- After Uninstall: Core data deleted within 48 hours of app uninstallation (per Shopify GDPR requirements)
- Backup Data: May persist in backups for up to 30 days
- Legal Requirements: Some data may be retained longer for legal compliance
6. Your Privacy Rights
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data
- Portability: Request your data in a portable format
- Opt-Out: Unsubscribe from marketing communications
- Restrict Processing: Request limitation of data processing
To exercise these rights, contact us at privacy@addtoquote.com.
7. GDPR Compliance (European Users)
For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR):
- Legal Basis: We process data based on contract performance, legitimate interests, and consent
- Data Controller: AddToQuote Inc. is the data controller
- Data Transfers: Data may be transferred to the US under Standard Contractual Clauses
- DPA: We maintain Data Processing Agreements with sub-processors
We respond to GDPR data requests (customers/data_request, customers/redact, shop/redact) within the required timeframes.
8. CCPA Compliance (California Users)
California residents have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information (we do not sell data)
- Right to non-discrimination for exercising privacy rights
9. Cookies and Tracking
Our application uses essential cookies for authentication and functionality. We do not use third-party tracking cookies. Our embedded Shopify app uses session tokens for secure authentication.
10. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
11. Third-Party Links
Our service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Shopify app. Continued use after changes constitutes acceptance of the updated policy.
13. Contact Us
For questions about this Privacy Policy or our data practices, contact us at:
14. Shopify App Store
AddToQuote is available on the Shopify App Store. Our data practices comply with Shopify's API Terms of Use and Partner Program Agreement. For information about Shopify's privacy practices, please visit Shopify's Privacy Policy.