PRIVACY STATEMENT

SECTION 1: WHAT DO WE DO WITH YOUR INFORMATION?

Invoicing with InvoiceXpress For Shopify collects Personal Data about you when you provide it directly to us, when third parties such as our business partners (e.g. companies with whom we integrate our Service) provide it to us, or when Personal Data about you is automatically collected in connection with your use of our Service. We collect the following Personal Data from you in connection with the Service:

Contact Information: information we collect to identify or contact you. We collect typical “business card information” such as your first and last name and email address from your Shopify Account.


Transaction Information: information related to transactions you conduct on the Service, including when you upgrade your account, and your interactions with the Service (for example the functionality you use and the links clicked on the Service). Note that we do not store payment information - that is handled by Shopify.

Shopify Information: information related to webhooks, orders, products, customers, and fulfillments done on your store. We collect the necessary information in order to create documents on InvoiceXpress. Webhook information is deleted from our database after 90 days.

InvoiceXpress Information: information related to invoices created through our app, namely the id, total value, currency, type of document and permalink so that it can be accessed faster by the end user. We do not access information regarding orders, customers or other products in your InvoiceXpress Account.

User Account Information: information that identifies you to the Service, such as your user name, Shopify domain, email address, InvoiceXpress API key, and IP address. For example, we use this information to authenticate you when you log in to the Service, and use the IP address to help maintain your web session security while using the Service.

User Content: to the extent that you choose to input Personal Data as part of such content, information, and materials that you post to or through the Service.

Log Data: information automatically recorded by the Service about how a person uses our Service, such as IP addresses, device and browser type, operating system, the pages or features of our Website or Service to which a user browsed, and the time spent on those pages or features. These can be turned off in Configuration.

We collect Personal Data when a user (i) creates an account (a “User Account”); (ii) logs into the Service; (iii) interacts with the Service; (iv) uploads or generates User Content; (v) communicates with us; and (vi) responds to a communication or interaction from us. Some of the methods and tools we use to collect Personal Data are:

  • Unique Identifiers: Through Intercom, we use unique identifiers such as cookies or your pseudonymized customer ID to track individual usage behavior on our Service, such as the length of time spent on a particular page and the pages viewed during a particular log-in period. Unique identifiers collect information about a user’s use of our Service on an individual basis.
  • Cookies: Like many websites and mobile application operators, we collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Service. Session cookies are temporary cookies that are stored on your device while you are visiting our Website or using our Service.

WHERE IS INFORMATION STORED AND PROCESSED?

Our goal is to provide our customers with secure, fast, and reliable services. Today, InvoiceXpress for Shopify stores data in its AWS data center located in the U.S. In order to bring you world-class products, and to provide support and maintenance (e.g. 24x7 support coverage), we may also allow employees located outside the U.S. (e.g. in the EU) to access certain data for product development, and customer and technical support purposes. We ensure that all such disclosures are compliant with the law and that all use will be for the limited purpose described.

Server Logs are deleted after 7 days. Information in backups is deleted periodically after a month.

Use of Personal Data

We use Personal Data to: (i) provide, administer, and improve our Service; (ii) better understand your needs and interests; (iii) fulfill requests you make; (iv) personalize your experience; (v) provide Service announcements; (vi) provide you with information about updates; (vii) protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity and (viii) comply with legal obligations.

For example, we use Personal Data to:

  • Operate and improve the Service
  • Communicate with users regarding support, security, technical issues, commerce, marketing, and transactions
  • Administer the Service, User Accounts, and transactions with respect to User Accounts
  • Enforce our contracts, administer and carry out our obligations under contracts, and comply with the law

We will only use your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.

Contractual Necessity: We process the following categories of Personal Data because we need to process the data to perform under our User Agreement with you, which enables us to provide you with the Service. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Service that require such data:

  • Business Contact Information
  • User Account Information
  • Transaction Information
  • Shopify Orders Information
  • InvoiceXpress Account Information

Legitimate Interest: We process the following categories of Personal Data when we believe doing so furthers the legitimate interest of us or third parties:

  • Contact Information
  • Shopify and InvoiceXpress Information
  • User Account Information
  • Transaction Information
  • Log Data

Examples of these legitimate interests include:

  • Operation and improvement of our business, products, and services
  • Marketing of our products and services
  • Provision of customer support
  • Protection from fraud or security threats
  • Compliance with legal obligations

SECTION 2: CONSENT

How do you get my consent?

When you install the app we ask you to accept the terms and conditions and privacy policy.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If, after you opt in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at info@thinkorange.pt.

How do I export my information?

You can download your information in XML format in the Configuration screen. There is an Export button on the main menu.

How do I withdraw my consent to tracking?

If, after you opt in, you change your mind, you may withdraw your consent for us to track your interaction with the app by going to Configuration and removing consent for cookies.

How do I close my account?

You can remove this app from your Shopify in the Apps section for your Store. You may request to delete all your information by contacting us at info@thinkorange.pt.

SECTION 3: DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4: SHOPIFY

Payment is handled by Shopify:

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service here or Privacy Statement here.

SECTION 5: THIRD-PARTY SERVICES

We share Personal Data with vendors, third party service providers, and agents who work on our behalf and provide us with services related to the Service. These parties include:

  • Third parties who act for us or provide services for us, such as billing and credit card payment processing, maintenance, administration, support, data enrichment, hosting, and database management services
  • Outside professional advisors (such as lawyers and accountants) for purposes related to the operation of our business such as auditing, compliance, and corporate governance

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

The following services help us keep Invoicing with InvoiceXpress for Shopify running by storing or processing your data on our behalf:

  • Infrastructure: Heroku, AWS
  • Analytics: Intercom
  • Integrations: (by your request) InvoiceXpress, Shopify
  • Comms: Mailchimp
  • Payments: Shopify

Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECTION 6: SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

The website transfers information encrypted using Secure Sockets Layer (SSL) technology and stores it with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Cookies

Here is a list of cookies that we use. We’ve listed them here so you can choose if you want to opt-out of cookies or not.

_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits

_secure_session_id, unique token, sessional

Analytics

We use Intercom to track analytical data on how our users use our app. You can opt out of this in your account preferences.

SECTION 7: AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

SECTION 8: CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

QUESTIONS AND CONTACT INFORMATION

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at info@thinkorange.pt.