Privacy Policy – NetSuite Integration App for Shopify

2. Information We Collect

2.1 Shopify API Permissions

During installation, the App requests specific Shopify API access scopes to function properly:

• read_products, write_products: To sync product information and items
• read_orders, write_orders: To sync sales orders and update statuses
• read_customers, write_customers: To sync customer profiles
• read_inventory, write_inventory: To synchronize stock levels
• read_fulfillments, write_fulfillments: To manage item fulfillments
• read_locations: To access store and warehouse location information

You explicitly grant these permissions during the OAuth installation process. You can revoke access at any time by uninstalling the App.

2.2 Shopify Store Data

We process data from your Shopify store through the Shopify API, including:

Products:

• Names, SKUs, descriptions, prices, and variants

Orders:

• Order numbers, totals, financial status, and line items

Customers:

• Names, email addresses, phone numbers, and addresses (billing/shipping)

Inventory:

• Stock quantities and location-specific levels

Fulfillments:

• Shipping status and tracking information

2.3 NetSuite Connection Data

To establish a secure integration with your Oracle NetSuite ERP system, we collect:

• NetSuite Account ID (e.g., 1234567 or 1234567_SB1)
• Consumer Key and Consumer Secret
• Token ID and Token Secret (for Token-Based Authentication)
• NetSuite Environment Type (Production, Sandbox, or Release Preview)
• RESTlet/SOAP Web Service Endpoints

2.4 User Account Information

When you install the App, we collect:

• Your Shopify shop domain
• Merchant email address and name
• Shopify access tokens (for API access)
• Session information and authentication data
• Store subscription status and plan details
• Locale, timezone, and currency preferences

2.5 Sync and Mapping Data

We store mapping relationships to ensure data consistency:

• Shopify Product/Variant IDs to NetSuite Internal IDs
• Shopify Customer IDs to NetSuite Entity IDs
• Shopify Order IDs to NetSuite Transaction IDs

2.6 Logs and Activity Data

We maintain logs of:

• Integration activities and synchronization events
• Error messages and troubleshooting information
• API calls and responses
• System performance metrics

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core Functionality

• Data Synchronization: To push/pull data between Shopify and NetSuite automatically
• Order Processing: To transform Shopify orders into NetSuite Sales Orders or Cash Sales
• Customer Management: To sync customer information between Shopify and NetSuite
• Inventory Management: To update Shopify stock levels based on NetSuite Inventory Items
• Fulfillment Tracking: To sync fulfillment and shipping status between platforms

3.2 Service Improvement

• Troubleshooting: To maintain activity logs that help resolve sync errors
• Performance Monitoring: Monitor app performance and optimize operations
• Feature Development: Understand usage patterns to improve the App

3.3 Compliance and Legal

• Privacy Requests: Respond to customer data requests and deletion requests as required by law
• Legal Compliance: Comply with applicable privacy laws and regulations

4. Data Storage and Security

4.1 Data Storage

• All data is stored securely on our servers using industry-standard encryption
• NetSuite credentials (Tokens/Secrets) are encrypted at rest using AES-256 encryption
• Database access is restricted and monitored
• Regular backups are performed to ensure data integrity

4.2 Security Measures

• Encryption: All sensitive credentials (NetSuite Tokens/Secrets) are encrypted
• Transmission: Data transmitted between Shopify, our servers, and NetSuite is secured via HTTPS/TLS encryption
• Access Control: Internal access to your configuration is strictly limited to authorized support personnel for troubleshooting purposes only
• Authentication: Shopify access tokens are securely stored and managed
• Monitoring: We monitor our systems for security threats and unauthorized access

4.3 Data Location

Your data is stored on secure servers. The exact location may vary based on our hosting infrastructure, but we ensure compliance with applicable data protection laws.

5. Third-Party Integrations

5.1 Shopify

• The App integrates with Shopify to access your store data
• We only access data that you authorize through the Shopify OAuth process
• Your relationship with Shopify is governed by Shopify's Terms of Service and Privacy Policy

5.2 Oracle NetSuite

• The App connects to your Oracle NetSuite ERP system using credentials you provide
• We transfer data to your NetSuite instance as instructed by you
• We act as a data processor, transferring data from Shopify to your NetSuite system as instructed by you
• Your use of NetSuite is governed by your agreement with Oracle

5.3 No Other Third Parties

We do not sell, rent, or share your data with any third parties except as necessary to provide the App's core functionality (Shopify and your NetSuite instance). We do not share your data with any third-party marketing or analytics firms.

6. Merchant Data vs Customer Data (GDPR/CCPA Compliance)

It is important to understand the distinction between merchant data and customer data:

6.1 Merchant Data

• Definition: Data related to you as the store owner (shop configuration, NetSuite credentials, app settings, sync preferences)
• Control: You (the store owner) are the data owner. We process your configuration settings only to provide the service
• Usage: Used solely to provide the integration service
• Not Sold: We never sell, rent, or monetize merchant data

6.2 Customer Data

• Definition: Data related to your store's customers (names, emails, addresses, order history)
• Control: Under GDPR, You are the Data Controller, and Techmarbles is the Data Processor. We process your customers' PII (Personally Identifiable Information) only to sync it to your NetSuite ERP as per your configuration
• Usage: Processed only to synchronize with your NetSuite system as instructed by you
• Not Sold: We never sell, rent, or monetize customer data
• GDPR Rights: Customer data deletion requests are honored automatically via webhooks

6.3 Data Controller and Processor Relationship

Under GDPR and similar privacy laws:

• You (the Merchant) are the Data Controller for your customer data
• We (Techmarbles) are the Data Processor acting on your instructions
• We process data only as necessary to provide the integration service
• We do not use customer data for any purpose other than facilitating the Shopify-NetSuite synchronization

7. Mandatory Shopify Privacy Webhooks

We fully comply with Shopify's mandatory privacy requirements:

7.1 Customer Data Request (customers/data_request webhook)

• If a customer requests their data through your store, we will provide all related data stored in our app within 30 days
• Data provided includes: customer profile information, associated orders, and synchronization history
• The data is compiled and made available in a machine-readable format (JSON)

7.2 Customer Data Deletion (customers/redact webhook)

• If a customer requests deletion, we will purge their PII from our sync logs and databases within 30 days
• Deleted data includes: customer profiles, contact information, order associations, and any personally identifiable information (PII)
• Once deleted, the data cannot be recovered

7.3 Shop Data Deletion (shop/redact webhook)

• Within 48 hours of you uninstalling the app, we initiate a process to permanently delete all store data, including NetSuite credentials and mapping tables
• Deleted data includes: all store data, products, orders, customers, inventory mappings, NetSuite credentials, access tokens, and configuration settings
• This deletion is automatic and permanent
• We may retain minimal data (shop domain, uninstall date) for up to 6 months for legal compliance and fraud prevention only

8. Your Rights and Choices

8.1 Access to Your Data

• You can access your store's data through the App's interface
• You can view synchronization logs and activity history
• You can export your mapping data and sync status

8.2 Data Deletion

• Uninstall the App: When you uninstall the App from your Shopify store, we will delete your data as required by Shopify's policies
• Shop Redaction: After app uninstallation, Shopify will send a shop redaction request, and we will permanently delete your data within 48-72 hours
• Customer Redaction: We honor customer data deletion requests received through Shopify's privacy webhooks
• Manual Deletion: You can contact us to request deletion of your data

8.3 Data Correction

• You can update your NetSuite connection credentials at any time through the App settings
• Sync errors and issues can be resolved through the App's interface

8.4 Revoke Access

• You can revoke App access at any time by uninstalling the App from your Shopify admin
• Uninstalling will stop all data synchronization and initiate data deletion procedures

9. Data Retention

• Active Accounts: Data is retained while the app is installed
• After Uninstallation: All sensitive store data is permanently deleted within 48–72 hours of uninstallation, except for minimal logs required for legal compliance or fraud prevention
• Logs: Error logs and activity logs may be retained for a limited period for troubleshooting and service improvement purposes

10. Cookies and Tracking Technologies

The App uses minimal cookies and tracking technologies solely for authentication and session management:

10.1 Session Cookies

• We use session cookies to maintain your login state and authenticate requests to Shopify
• These cookies are essential for the App to function properly
• Session cookies are automatically deleted when you close your browser or log out

10.2 Authentication Tokens

• We store Shopify OAuth access tokens securely to communicate with your store
• These tokens are encrypted and stored server-side only

10.3 No Third-Party Tracking

• We do not use analytics cookies, advertising cookies, or third-party tracking pixels
• We do not track customer behavior on your storefront
• We do not share tracking data with advertisers or marketing platforms

11. Children's Privacy

Our App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your data to these countries. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date
• Notifying you through the App interface or via email if significant changes are made

Your continued use of the App after changes are made constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For any privacy-related inquiries, data access requests, or deletion requests, please contact us:

Techmarbles Web Solutions Pvt. Ltd.

• Email: [email protected]
• Website: https://techmarbles.com

For privacy-related requests, please include:

• Your Shopify store domain
• The nature of your request
• Any relevant order or customer information (for customer-specific requests)

We will respond to your inquiry within 30 days.

15. Your Consent

By installing and using the NetSuite Integration App, you consent to:

• The collection and use of information as described in this Privacy Policy
• The transfer of data between Shopify and your Oracle NetSuite ERP system
• The processing and storage of data as necessary to provide the App's functionality

If you do not agree with this Privacy Policy, please do not install or use the App.

16. Additional Information

16.1 Shopify Partner Requirements

This App is developed as a Shopify Partner application and complies with:

• Shopify's App Store requirements
• Shopify's Privacy Policy requirements
• Shopify's mandatory webhook requirements for data requests and redaction
• Shopify API Terms of Service
• All applicable data protection and privacy regulations

16.2 NetSuite Integration

• This App facilitates data transfer between Shopify and your NetSuite instance
• We are not responsible for how NetSuite handles or stores your data once it is transferred
• Please review Oracle NetSuite's privacy policy and terms of service for information about NetSuite's data practices

16.3 No Warranty

While we implement security measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

16.4 Privacy Policy Accessibility

This Privacy Policy is publicly accessible at:

• URL: https://techmarbles.com/netsuite-shopify-app-privacy-policy/
• This policy is also linked within the App interface
• The policy is accessible without requiring login or authentication
• Updated versions will always be available at this URL