Privacy Policy

1. Overview

Shiplox (“we”, “us”) operates the sourcing and fulfillment platform at https://app.shiplox.net. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

• Account data: email address, name, business name, role (buyer / supplier / warehouse).
• Order data: product names, quantities, shipping addresses, tracking numbers imported from connected stores.
• Connected platform data: store or marketplace domain, OAuth tokens, product references, order data, and webhooks where a live integration is enabled.
• Shopify fulfillment data: order identifiers, line items, customer email, recipient name, shipping address, destination country, and fulfillment status when a merchant connects Shopify for order import.
• Payment data: invoices and Stripe checkout sessions. Card details are processed by Stripe. We never see raw card numbers.
• Usage data: page views and server logs retained for up to 30 days.

3. How We Use Your Data

• To provide sourcing quotes, order management, and fulfillment services.
• To sync orders from your connected store or marketplace where a live integration is enabled.
• To send transactional emails (quote notifications, shipment updates, invoices).
• To process payments via Stripe.
• To improve platform reliability and debug errors.

4. Connected Platform Data

When you connect Shopify, we request only the access needed for the enabled workflow, such as reading orders and product references.

Shopify order contact and shipping fields are used only to prepare fulfillment, packing, shipping, returns, reships, customer support, and shipment notifications. Shiplox does not use connected store customer data for advertising or resale.

We comply with Shopify’s GDPR requirements. Upon receiving acustomers/redact or shop/redact webhook, we anonymize or delete the relevant records from our database within 30 days.

5. Data Sharing

We do not sell your data. We share data only with:

• Managed infrastructure providers for secure database and authentication hosting.
• Stripe for payment processing.
• Resend for transactional email delivery.
• Vercel for application hosting and serverless functions.

6. Data Retention

We retain your account and order data for as long as your account is active. If you close your account, we delete your personal data within 30 days, except where retention is required by law (e.g. financial records).

7. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (right to erasure).
• Export your data in a portable format.
• Withdraw consent at any time by disconnecting your connected platform or closing your account.

To exercise these rights, email us at support@shiplox.net.

8. Cookies

We use only essential session cookies required for authentication and security (OAuth state tokens and secure login sessions). We do not use tracking or advertising cookies.

9. Security

All data is transmitted over HTTPS. Shopify access tokens are stored in restricted server-side records and are not exposed in the browser. Passwords are hashed by our authentication provider. We conduct regular security reviews of our infrastructure.

10. Changes to This Policy

We may update this policy periodically. We’ll notify you by email or an in-app notice for material changes. Continued use of Shiplox after changes constitutes acceptance.