Privacy Policy
Last Updated: January 12, 2025
Effective Date: January 12, 2025
1. Introduction
DHL RateFlow ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.
Important: DHL RateFlow is a third-party application. We are not affiliated with, endorsed by, or connected to DHL International GmbH or Shopify Inc.
2. Information We Collect
2.1 Information Provided by You
- Shop Information: Shop domain, store name
- DHL Account Details: DHL account number, DHL API username and password
- Shipping Origin: Country code, city name, postal code
- Package Settings: Default dimensions (length, width, height), unit of measurement
- Feature Preferences: Premium feature selections
2.2 Information Collected Automatically
- Authentication Tokens: Shopify access tokens (encrypted)
- Usage Data: Number of rate requests, subscription status, API call counts
- Technical Data: IP addresses (for security), request timestamps, error logs
2.3 Information We Do NOT Collect
- Customer personal information (names, addresses, emails)
- Payment card information (handled by Shopify)
- Order details or product information
- Customer shipping addresses (except as needed for rate calculation, then immediately discarded)
3. How We Use Your Information
We use your information for the following purposes:
- Provide Services: Calculate DHL shipping rates in real time
- Authentication: Verify your identity and maintain secure access
- Billing: Process subscription payments through Shopify
- Customer Support: Respond to inquiries and troubleshoot issues
- Service Improvement: Analyze usage patterns to improve functionality
- Compliance: Meet legal and regulatory obligations
- Security: Detect and prevent fraud, abuse, or security issues
4. How We Share Your Information
4.1 Third-Party Services
We share your information with the following third parties:
- DHL Express API: Your DHL credentials and shipping details are sent to DHL's API to calculate rates. DHL's privacy policy applies to their handling of this data.
- Shopify: Authentication tokens and billing information are shared with Shopify to enable app functionality and process payments.
- Hosting Provider: Our hosting provider (SmarterASP.NET) stores your data on secure servers.
4.2 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4.3 Legal Requirements
We may disclose your information if required by law, court order, or to:
- Comply with legal processes
- Protect our rights, property, or safety
- Prevent fraud or abuse
- Respond to government requests
5. Data Storage and Security
5.1 Storage Location
Your data is stored on secure servers located in the United States. We use industry-standard security measures including:
- Encrypted database connections (SSL/TLS)
- Secure password hashing
- Access controls and authentication
- Regular security audits
5.2 Data Retention
- Active Shops: Data is retained while you actively use the app
- After Uninstall: Data is retained for 30 days for support purposes
- Permanent Deletion: After 30 days, all data is permanently deleted
- Billing Records: Retained for 7 years for tax and accounting purposes (as required by law)
5.3 Security Measures
While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security but commit to:
- Regular security updates
- Monitoring for suspicious activity
- Incident response procedures
- Prompt notification of any data breaches
6. Your Rights (GDPR & Privacy Laws)
Depending on your location, you may have the following rights:
6.1 Access
You have the right to request a copy of the personal data we hold about you.
6.2 Correction
You can update your information directly in the app settings or request corrections by contacting us.
6.3 Deletion
You can request deletion of your data by:
- Uninstalling the app (automatic deletion after 30 days)
- Contacting us directly for immediate deletion
6.4 Data Portability
You can request an export of your data in a machine-readable format by contacting support@dhlrateflow.com.
6.5 Objection
You can object to processing of your data for certain purposes (e.g., marketing, which we don't currently do).
6.6 Restriction
You can request restriction of processing in certain circumstances.
6.7 Complaint
You have the right to lodge a complaint with your local data protection authority.
7. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), we comply with GDPR requirements:
7.1 Legal Basis for Processing
- Contract Performance: Processing necessary to provide our services
- Legitimate Interest: Improving our services and security
- Legal Obligation: Compliance with tax and accounting laws
- Consent: Where explicitly provided (e.g., marketing communications, if any)
7.2 International Data Transfers
Data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through:
- Standard Contractual Clauses approved by the European Commission
- Compliance with Privacy Shield principles (where applicable)
7.3 Data Protection Officer
For GDPR inquiries, contact: support@dhlrateflow.com
8. Children's Privacy
Our service is intended for businesses and is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn we have collected such information, we will promptly delete it.
9. Cookies and Tracking
9.1 Cookies We Use
- Essential Cookies: Required for authentication and app functionality
- Preference Cookies: Store your theme preferences (light/dark mode)
9.2 We Do NOT Use
- Advertising cookies
- Third-party tracking cookies
- Analytics cookies (beyond basic usage statistics)
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be effective when:
- Posted to this page with a new "Last Updated" date
- Notified via email for material changes (if we have your email)
Your continued use of the app after changes constitutes acceptance of the updated policy.
11. Third-Party Links
Our app may contain links to third-party websites (e.g., DHL, Shopify). We are not responsible for the privacy practices of these websites. Please review their privacy policies separately.
12. Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
13. Contact Us
For privacy-related questions, concerns, or requests:
We will respond to all requests within 30 days (or as required by applicable law).
14. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed
- Right to say no to the sale of personal information (we don't sell data)
- Right to access your personal information
- Right to equal service and price (no discrimination for exercising privacy rights)
15. Legal Disclaimer
Important Notice: DHL RateFlow is a third-party application for calculating DHL Express shipping rates. We are not affiliated with, endorsed by, or connected to DHL International GmbH. DHL® and DHL Express® are registered trademarks of DHL International GmbH.
16. Consent
By installing and using DHL RateFlow, you consent to:
- Collection and use of your information as described in this Privacy Policy
- Processing of your data for the purposes outlined above
- Transfer of your data to third-party services (DHL API, Shopify)