Privacy Policy - Odoo Integration

2. Information We Collect

2.1 Shopify API Permissions

During installation, the App requests the following Shopify API access scopes to function properly:

• read_products, write_products: To sync product information with Odoo
• read_orders, write_orders: To sync orders and update order statuses
• read_customers, write_customers: To sync customer information
• read_inventory, write_inventory: To synchronize inventory levels
• read_fulfillments, write_fulfillments: To manage order fulfillment
• read_locations: To access store location information
• read_price_rules: To access discount and pricing information

You explicitly grant these permissions during the OAuth installation process. You can revoke access at any time by uninstalling the App.

2.2 Shopify Store Data

Based on the granted permissions, we collect and process the following data from your Shopify store through the Shopify API:

Products:

• Product information (names, descriptions, prices, SKUs, barcodes)
• Product variants and inventory levels
• Product listings and publications

Orders:

• Order details (order numbers, dates, statuses)
• Order items and quantities
• Financial status and payment information
• Fulfillment information and shipping details
• Delivery dates and commitments

Customers:

• Customer names, email addresses, and phone numbers
• Customer addresses (billing and shipping)
• Customer purchase history and order associations

Inventory:

• Inventory levels and stock quantities
• Location information
• Inventory adjustments

Fulfillments:

• Fulfillment orders and status
• Shipping and delivery information

Discounts and Publications:

• Discount codes and rules
• Product publication status

Store Configuration:

• Store location information
• Access tokens and session data
• Store subscription and plan information

2.3 Odoo Connection Data

To establish integration with your Odoo ERP system, we collect:

• Odoo server host address
• Odoo database name
• Odoo username and password (stored in encrypted format)
• Odoo server version information
• Odoo user ID for authentication

2.4 User Account Information

When you install the App, we collect:

• Your Shopify shop domain
• Merchant email address and name
• Shopify access tokens (for API access)
• Session information and authentication data
• Store subscription status and plan details
• Locale, timezone, and currency preferences

2.5 Sync and Mapping Data

We store mapping relationships between:

• Shopify product IDs and Odoo product IDs
• Shopify customer IDs and Odoo customer IDs
• Shopify order IDs and Odoo order IDs
• Inventory and fulfillment synchronization status

2.6 Logs and Activity Data

We maintain logs of:

• Integration activities and synchronization events
• Error messages and troubleshooting information
• API calls and responses
• System performance metrics

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core Functionality

• Data Synchronization: Synchronize products, orders, customers, and inventory between your Shopify store and Odoo ERP system
• Order Processing: Automatically create orders in Odoo when orders are placed in Shopify
• Customer Management: Sync customer information between Shopify and Odoo
• Inventory Management: Keep inventory levels synchronized between both systems
• Fulfillment Tracking: Sync fulfillment and shipping status between platforms

3.2 Service Improvement

• Troubleshooting: Diagnose and resolve integration issues
• Performance Monitoring: Monitor app performance and optimize operations
• Feature Development: Understand usage patterns to improve the App

3.3 Compliance and Legal

• Privacy Requests: Respond to customer data requests and deletion requests as required by law
• Legal Compliance: Comply with applicable privacy laws and regulations

4. Data Storage and Security

4.1 Data Storage

• All data is stored securely on our servers using industry-standard encryption
• Odoo credentials are encrypted at rest using secure encryption methods
• Database access is restricted and monitored
• Regular backups are performed to ensure data integrity

4.2 Security Measures

• Encryption: Sensitive data, including Odoo credentials, is encrypted using secure encryption algorithms
• Access Controls: Access to your data is restricted to authorized personnel only
• Secure Transmission: All data transmitted between our servers and Shopify/Odoo uses HTTPS/TLS encryption
• Authentication: Shopify access tokens are securely stored and managed
• Monitoring: We monitor our systems for security threats and unauthorized access

4.3 Data Location

Your data is stored on secure servers. The exact location may vary based on our hosting infrastructure, but we ensure compliance with applicable data protection laws.

5. Third-Party Integrations

5.1 Shopify

• The App integrates with Shopify to access your store data
• We only access data that you authorize through the Shopify OAuth process
• Your relationship with Shopify is governed by Shopify's Terms of Service and Privacy Policy

5.2 Odoo

• The App connects to your Odoo ERP system using credentials you provide
• All data transmitted to Odoo is sent directly from our servers to your Odoo instance
• We act as a data processor, transferring data from Shopify to your Odoo system as instructed by you
• Your use of Odoo is governed by Odoo's terms and privacy policies

5.3 No Other Third Parties

We do not sell, rent, or share your data with any third parties except as necessary to provide the App's core functionality (Shopify and your Odoo instance).

6. Merchant Data vs Customer Data

It is important to understand the distinction between merchant data and customer data:

6.1 Merchant Data

• Definition: Data related to you as the store owner (shop configuration, Odoo credentials, app settings, sync preferences)
• Control: You are the data owner and we are the data processor
• Usage: Used solely to provide the integration service
• Not Sold: We never sell, rent, or monetize merchant data

6.2 Customer Data

• Definition: Data related to your store's customers (names, emails, addresses, order history)
• Control: You are the data controller, we are the data processor acting on your behalf
• Usage: Processed only to synchronize with your Odoo system as instructed by you
• Not Sold: We never sell, rent, or monetize customer data
• GDPR Rights: Customer data deletion requests are honored automatically via webhooks

6.3 Data Controller and Processor Relationship

Under GDPR and similar privacy laws:

• You (the Merchant) are the Data Controller for your customer data
• We (Techmarbles) are the Data Processor acting on your instructions
• We process data only as necessary to provide the integration service
• We do not use customer data for any purpose other than facilitating the Shopify-Odoo synchronization

7. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal data to third parties, except:

1. To Your Odoo System: Data is transferred to your Odoo ERP system as part of the integration functionality
2. To Shopify: Data access is through Shopify's API as authorized by you
3. Legal Requirements: We may disclose data if required by law or in response to valid legal requests
4. Service Providers: We may use trusted service providers to help operate our services (e.g., cloud hosting), but they are contractually bound to protect your data

8. Your Rights and Choices

8.1 Access to Your Data

• You can access your store's data through the App's interface
• You can view synchronization logs and activity history
• You can export your mapping data and sync status

8.2 Data Deletion

• Uninstall the App: When you uninstall the App from your Shopify store, we will delete your data as required by Shopify's policies
• Shop Redaction: After app uninstallation, Shopify will send a shop redaction request, and we will permanently delete your data within the required timeframe
• Customer Redaction: We honor customer data deletion requests received through Shopify's privacy webhooks
• Manual Deletion: You can contact us to request deletion of your data

8.3 Data Correction

• You can update your Odoo connection credentials at any time through the App settings
• Sync errors and issues can be resolved through the App's interface

8.4 Revoke Access

• You can revoke App access at any time by uninstalling the App from your Shopify admin
• Uninstalling will stop all data synchronization and initiate data deletion procedures

9. Data Retention

• Active Accounts: We retain your data for as long as the App is installed and active on your Shopify store
• After Uninstallation: After you uninstall the App, we retain data only as necessary to:
  • Complete pending synchronization operations
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Data is then permanently deleted within 48-72 hours of uninstallation (as per Shopify's shop redaction webhook)
• Logs: Error logs and activity logs may be retained for a limited period for troubleshooting and service improvement purposes

10. Privacy Requests (GDPR/CCPA Compliance)

We comply with data protection regulations including GDPR, CCPA, and other applicable privacy laws. Our App implements Shopify's mandatory GDPR webhooks to handle privacy requests automatically:

10.1 Customer Data Requests (customers/data_request webhook)

• When a customer requests their data from your store through Shopify, we receive an automated webhook notification
• We will provide all customer data stored by the App within 30 days of the request
• Data provided includes: customer profile information, associated orders, and synchronization history
• The data is compiled and made available in a machine-readable format (JSON)

10.2 Customer Data Deletion (customers/redact webhook)

• When a customer requests deletion of their data through Shopify, we receive an automated webhook notification
• We will permanently delete all customer information from our systems within 30 days
• Deleted data includes: customer profiles, contact information, order associations, and any personally identifiable information (PII)
• Once deleted, the data cannot be recovered
• We may retain anonymized data for compliance and analytics purposes only

10.3 Shop Data Deletion (shop/redact webhook)

• When you uninstall the App, Shopify sends us a shop redaction webhook request
• We will permanently delete all associated shop data within 48 hours of receiving the request
• Deleted data includes: all store data, products, orders, customers, inventory mappings, Odoo credentials, access tokens, and configuration settings
• This deletion is automatic and permanent
• We may retain minimal data (shop domain, uninstall date) for up to 6 months for legal compliance and fraud prevention only

10.4 Manual Privacy Requests

You can also submit privacy requests directly to us via email at [email protected]. We will process manual requests within the same timeframes as webhook-based requests.

11. Cookies and Tracking Technologies

The App uses minimal cookies and tracking technologies solely for authentication and session management:

11.1 Session Cookies

• We use session cookies to maintain your login state and authenticate requests to Shopify
• These cookies are essential for the App to function properly
• Session cookies are automatically deleted when you close your browser or log out

11.2 Authentication Tokens

• We store Shopify OAuth access tokens securely to communicate with your store
• These tokens are encrypted and stored server-side only

11.3 No Third-Party Tracking

• We do not use analytics cookies, advertising cookies, or third-party tracking pixels
• We do not track customer behavior on your storefront
• We do not share tracking data with advertisers or marketing platforms

12. Children's Privacy

Our App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your data to these countries. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy in the App
• Updating the "Last Updated" date
• Notifying you through the App interface or via email if significant changes are made

Your continued use of the App after changes are made constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Techmarbles Web Solutions Pvt. Ltd.

• Email: [email protected]
• Website: https://techmarbles.com/products/odoo-shopify-integration/

For privacy-related requests, please include:

• Your Shopify store domain
• The nature of your request
• Any relevant order or customer information (for customer-specific requests)

We will respond to your inquiry within 30 days.

16. Your Consent

By installing and using the Odoo Integration App, you consent to:

• The collection and use of information as described in this Privacy Policy
• The transfer of data between Shopify and your Odoo ERP system
• The processing and storage of data as necessary to provide the App's functionality

If you do not agree with this Privacy Policy, please do not install or use the App.

17. Additional Information

17.1 Shopify Partner Requirements

This App is developed as a Shopify Partner application and complies with:

• Shopify's App Store requirements
• Shopify's Privacy Policy requirements
• Shopify's mandatory webhook requirements for data requests and redaction
• Shopify API Terms of Service
• All applicable data protection and privacy regulations

17.2 Odoo Integration

• This App facilitates data transfer between Shopify and your Odoo instance
• We are not responsible for how Odoo handles or stores your data once it is transferred
• Please review Odoo's privacy policy and terms of service for information about Odoo's data practices

17.3 No Warranty

While we implement security measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

17.4 Privacy Policy Accessibility

This Privacy Policy is publicly accessible at:

• URL: https://techmarbles.com/odoo-app-privacy-policy/
• This policy is also linked within the App interface
• The policy is accessible without requiring login or authentication
• Updated versions will always be available at this URL