SmartParcel BD Privacy Policy

 # Privacy Policy


**Last Updated:** January 2025


## Introduction


SmartParcel BD ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our Shopify app ("Service"). By installing and using SmartParcel BD, you agree to the collection and use of information in accordance with this policy.


## Information We Collect


To provide our courier management services, we collect and process the following types of data:


### 1. Order Data

- Shopify order IDs and order numbers

- Customer names and contact information (email, phone)

- Shipping addresses (city, area/zone, full address)

- Order totals, payment status, and fulfillment status

- Product information and order line items

- Payment method information (including COD amounts)


### 2. Shipment Data

- Tracking numbers and consignment IDs

- Courier service information (Steadfast, Pathao, RedX)

- Shipment status and delivery updates

- City and area/zone selections for delivery

- Delivery charge calculations

- Package weight and dimensions (if provided)


### 3. Fraud Check Data

- Customer phone numbers (normalized to 11 digits for Bangladesh)

- Delivery history and success rates

- Order cancellation statistics

- Courier-wise delivery breakdown

- Risk assessment scores


### 4. Merchant Data

- Shop domain and merchant account information

- Courier API credentials (encrypted before storage)

- Merchant preferences and settings

- Usage statistics (bookings, label downloads)

- Subscription plan information and billing data

- Brand information for shipping labels (name, phone, address, logo)


### 5. Session Data

- Shop domain

- Access tokens for Shopify API (managed securely through Shopify's session storage)

- User authentication information

- Application state and preferences


### 6. COD Reconciliation Data

- Expected COD amounts

- Actual collected amounts

- Collection and remittance dates

- Reconciliation status and discrepancies

- Courier remittance references


## How We Use Your Information


We use the collected information for the following purposes:


1. **Service Delivery**: To provide courier management services, including booking shipments, generating labels, and tracking deliveries

2. **Fraud Prevention**: To assess risk for COD orders and help protect merchants from fraudulent transactions

3. **Service Improvement**: To analyze usage patterns and improve our service functionality

4. **Communication**: To send important service updates and respond to support requests

5. **Billing**: To process subscription payments and manage plan upgrades/downgrades

6. **Compliance**: To comply with legal obligations and Shopify's requirements


## Data Storage and Security


Your data is stored securely using industry-standard security measures:


- **Database**: All data is stored in a secure PostgreSQL database hosted on Railway

- **Encryption**: API credentials and sensitive merchant information are encrypted before storage

- **Access Tokens**: Shopify access tokens are securely managed through Shopify's official session storage mechanisms

- **HTTPS**: All data transmission uses secure HTTPS encryption

- **Access Controls**: We implement strict access controls and authentication to protect your data

- **Regular Backups**: Data is backed up regularly to prevent loss

- **Security Monitoring**: We regularly monitor our systems for security vulnerabilities and apply updates promptly


## Third-Party Services


We integrate with the following third-party services to provide courier management functionality:


### Pathao

We share order and shipping information with Pathao to create shipments and track deliveries. This includes customer names, addresses, phone numbers, and order details. Pathao's privacy policy applies to their handling of this data.


### RedX

We share order and shipping information with RedX to create shipments and track deliveries. This includes customer names, addresses, phone numbers, and order details. RedX's privacy policy applies to their handling of this data.


### Steadfast

We share order and shipping information with Steadfast to create shipments and track deliveries. This includes customer names, addresses, phone numbers, and order details. Steadfast's privacy policy applies to their handling of this data.


### FraudChecker Service (Optional)

If you configure the FraudChecker service in your settings, we may share customer phone numbers with the FraudChecker service to perform fraud checks on high-value COD orders. This service is optional and only used when enabled by the merchant.


### Shopify

We receive order and customer data from Shopify through their API. Our use of this data is governed by Shopify's Partner Program Agreement and this privacy policy.


### Railway (Hosting Provider)

Our application and database are hosted on Railway. Railway's infrastructure security and privacy practices apply to the hosting environment.


## Data Retention


We retain your data for as long as necessary to provide our services:


- **Active Merchant Data**: Retained while your app is installed and your subscription is active

- **Session Data**: Deleted immediately upon app uninstallation

- **Merchant Data**: Deleted within 48 hours after app uninstallation (processed via Shopify's shop/redact webhook)

- **Customer Data**: Can be deleted upon request (processed via Shopify's customers/redact webhook)

- **Order and Shipment Data**: Retained for operational and historical purposes. Can be deleted upon request or automatically deleted after a reasonable retention period following app uninstallation

- **Usage Statistics**: Retained for billing and service improvement purposes while your account is active


## Your Data Rights


You have the following rights regarding your personal data:


1. **Right to Access**: Request a copy of your data. You can do this through Shopify's customer data request feature, which triggers our `customers/data_request` webhook handler.

2. **Right to Deletion**: Request deletion of your data. This can be done by:

   - Uninstalling the app (triggers automatic deletion via `shop/redact` webhook)

   - Requesting customer data deletion through Shopify (triggers `customers/redact` webhook)

   - Contacting us directly at support@havely.store

3. **Right to Rectification**: Update your merchant settings and preferences at any time through the app's Settings page

4. **Right to Data Portability**: Export your shipment and order data through the app interface or by contacting us

5. **Right to Object**: Object to certain processing of your data by adjusting app settings or contacting us


## Data Deletion Requests


### Customer Data Deletion

Customer data deletion requests can be made through Shopify's customer data deletion feature. We automatically process these requests via the `customers/redact` webhook, which deletes all customer-related data including:

- Customer phone numbers from fraud checks

- Order associations

- Shipment associations


### Shop Data Deletion

When you uninstall the app, all shop-related data will be automatically deleted within 48 hours via the `shop/redact` webhook, including:

- Merchant account information

- Courier account credentials

- Merchant settings

- All shipments and order actions

- COD reconciliation data


### Manual Deletion Requests

You can also request data deletion directly by contacting us at support@havely.store. We will process your request within 30 days.


## Data Sharing and Disclosure


We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:


1. **With Courier Services**: As necessary to fulfill shipment bookings and track deliveries (Pathao, RedX, Steadfast)

2. **With Fraud Prevention Services**: If you enable fraud checking, phone numbers may be shared with FraudChecker service

3. **Legal Requirements**: When required by law, court order, or government regulation

4. **Business Transfers**: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity

5. **With Your Consent**: When you explicitly authorize us to share your information


## International Data Transfers


Your data is processed and stored on servers located in secure data centers. Some of our service providers may be located outside of Bangladesh. We ensure that appropriate safeguards are in place to protect your data in accordance with this privacy policy and applicable data protection laws.


## Children's Privacy


Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.


## Changes to This Privacy Policy


We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

- Posting the updated policy on this page

- Updating the "Last Updated" date at the top of this policy

- Notifying you through the app or via email if changes are significant


Your continued use of the Service after any changes constitutes acceptance of the updated policy.


## Compliance


We are committed to complying with:

- Shopify's App Store Requirements

- General Data Protection Regulation (GDPR) where applicable

- Bangladesh data protection laws

- Shopify's Partner Program Agreement


## Cookies and Tracking


Our app uses Shopify's session management system and does not use cookies or tracking technologies beyond what is necessary for the app's functionality. We do not use third-party analytics or advertising cookies.


## Contact Us


If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:


**Email**: support@havely.store


**Support Portal**: Available through the SmartParcel BD app or at https://smart-parcel-bd-production.up.railway.app/app/support


We aim to respond to all privacy inquiries within 30 days.


## Additional Information


### Data Controller

The data controller for your personal information is the operator of SmartParcel BD. For questions about data processing, contact support@havely.store.


### Supervisory Authority

If you are located in a jurisdiction with data protection authorities, you have the right to lodge a complaint with your local supervisory authority if you believe your data rights have been violated.


---


**SmartParcel BD**  

Last Updated: January 2025



Comments

Post a Comment

Popular posts from this blog

Privacy Policy

# Privacy Policy **Last Updated: December 2025** ## Introduction This Privacy Policy describes how BarBoost ("we", "our", or "the App") collects, uses, and protects information when you use our Shopify application. We are committed to protecting your privacy and handling your data responsibly. ## Information We Collect ### Information Provided by You - **Shop Information** : When you install the app, we collect your shop domain and access token to provide app functionality - **Bar Data** : Any content, settings, and configurations you create for your announcement bars - **Account Information** : Basic account information provided through Shopify authentication ### Information Collected Automatically - **Analytics Data** : We collect anonymous usage statistics including:   - Bar impressions (views)   - Bar clicks   - A/B test performance metrics - **Technical Data** : App usage patterns and performance metrics ### Information from Shopify The app receives i...
Read more