Privacy Policy - Dr. CRO Delivery Partner Picker

Introduction

Dr. CRO Delivery Partner Picker ("we," "our," or "the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Shopify application.

Information We Collect

Store Information

When you install our App, we collect and store the following information from your Shopify store:

Shop Domain: Your Shopify store's domain name
Store Owner Information: Basic store identification details
Access Tokens: Encrypted tokens to authenticate API requests

Delivery Partner Data

The App stores the following data you configure:

Delivery Partner Information: Names, descriptions, and logo URLs of delivery partners you add
Settings: Your app configuration preferences (selection mode, display options, custom text)
Partner Status: Whether delivery partners are enabled or disabled

Order and Customer Preference Data

When customers interact with the App at checkout or on order status pages:

Order ID and Order Number: To associate preferences with specific orders
Delivery Partner Selections: Customer-selected delivery partners and their ranking
Timestamp: When preferences were submitted

Automatically Collected Information

Log Data: Server logs including IP addresses, browser type, and access times for debugging and security purposes

How We Use Your Information

App Functionality

Display delivery partner options to your customers during checkout
Store and retrieve customer delivery preferences
Show delivery partner preferences in your Shopify admin order details
Sync settings and partner data via Shopify metafields

Service Improvement

Monitor app performance and identify technical issues
Analyze usage patterns to improve features
Provide customer support

Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and prevent fraud

Data Storage and Security

Storage Location

Database: Data is stored in a secure PostgreSQL database hosted on a protected server
Shopify Metafields: Partner and settings data is synced to your Shopify store's metafields

Security Measures

We implement industry-standard security measures including:

Encrypted data transmission (SSL/TLS)
Secure authentication using Shopify OAuth
Regular security updates and patches
Access controls and authentication tokens
Database security and backups

Data Retention

Active Stores: Data is retained while your store has the App installed
Uninstalled Apps: Upon app uninstallation, we retain data for 30 days to allow for reinstallation, after which it is permanently deleted
Order Preferences: Stored indefinitely while the app is installed to maintain historical order information

Data Sharing and Disclosure

Third-Party Services

We do not sell, trade, or rent your personal information to third parties. We may share data with:

Shopify: As required for app functionality through the Shopify API
Hosting Providers: To store data on secure servers
Service Providers: Only when necessary for app operation, under strict confidentiality agreements

Legal Requirements

We may disclose information if required to:

Comply with legal obligations, court orders, or government requests
Enforce our Terms of Service
Protect the rights, property, or safety of our users or the public
Investigate fraud or security issues

Your Rights and Choices

Access and Control

As a merchant, you have the right to:

Access: View all data stored by the App through your admin interface
Modify: Update delivery partners and settings at any time
Delete: Remove delivery partners or order preferences
Export: Request a copy of your data by contacting us

Customer Rights

Your customers have the right to:

Opt-out: Choose not to submit delivery preferences (if not required in settings)
Access: Request their delivery preference data through you, the merchant
Deletion: Request deletion of their preferences through you

Data Portability

You may request a complete export of your data by contacting us at support@crodoctor.com

Cookies and Tracking

The App uses:

Session Tokens: Shopify-provided session tokens for authentication
No Third-Party Tracking: We do not use third-party analytics or advertising cookies
Local Storage: Browser local storage may be used for app state management

Children's Privacy

Our App is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in compliance with applicable data protection laws.

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

Right to Access: Request access to your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restriction: Request restriction of processing
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing of your personal data
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at support@crodoctor.com

Legal Basis for Processing

We process your data based on:

Contractual Necessity: To provide the App services you've requested
Legitimate Interests: To improve and secure our services
Legal Obligations: To comply with applicable laws

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Right to Know: What personal information we collect and how it's used
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
Right to Non-Discrimination: Equal service regardless of privacy rights exercise

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending an email notification (for material changes)

Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

App Uninstallation

When you uninstall the App:

We receive a webhook notification from Shopify
Your data is marked for deletion
After 30 days, all data is permanently deleted from our database
Metafield data in your Shopify store may persist and should be manually removed if desired

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Dr. CRO

Email: crodoctor@protonmail.com

Website: https://crodoctor.com

For GDPR-related inquiries, please include "GDPR Request" in your email subject line.

For CCPA-related inquiries, please include "CCPA Request" in your email subject line.

Merchant Responsibilities

As a merchant using this App, you are responsible for:

Informing your customers about data collection through your own privacy policy
Obtaining necessary consents from customers where required
Complying with applicable data protection laws in your jurisdiction
Handling customer data requests (access, deletion, etc.) appropriately

Third-Party Links

The App does not contain links to third-party websites. Any external resources (such as partner logos) are provided by you and are your responsibility.

Data Processing Agreement

By installing and using this App, you agree that we may process data on your behalf as described in this Privacy Policy. We act as a data processor, and you (the merchant) remain the data controller for customer information.