Privacy Policy

1. Introduction

Welcome to DHL RateFlow ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Shopify app.

DHL RateFlow is a third-party Shopify app that provides real-time DHL Express shipping rate calculations. We are not affiliated with, endorsed by, or connected to DHL International GmbH or Shopify Inc.

2. Information We Collect

2.1 Information You Provide

• Shop Information: Your Shopify store domain and basic store details
• DHL Account Details: Your DHL account number and API credentials
• Origin Location: Country code, city, and postal code for shipment origin
• Package Settings: Default package dimensions and unit of measurement preferences
• Contact Information: Email address associated with your Shopify account

2.2 Automatically Collected Information

• API Usage Data: Number of rate calculation requests, timestamps, and request parameters
• Subscription Information: Your current plan, billing status, and usage limits
• Technical Data: Browser type, device information, IP address (for security purposes)
• Rate Calculation Data: Shipment weights, dimensions, destinations (temporarily for calculation purposes only)

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Calculate real-time DHL shipping rates for your customers
• Display accurate shipping options at checkout
• Process API requests to DHL on your behalf

3.2 Account Management

• Manage your subscription and billing
• Track API usage and enforce rate limits
• Provide access to premium features based on your plan

3.3 Service Improvement

• Analyze usage patterns to improve app performance
• Provide analytics and insights (for Pro+ subscribers)
• Monitor and ensure service availability

3.4 Communication

• Send important service updates and notifications
• Respond to support requests
• Notify you of changes to our terms or policies

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored securely on servers located in [Your Region/Cloud Provider]. We use industry-standard cloud infrastructure with robust security measures.

4.2 Security Measures

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls limit who can view your data
• API Credentials: DHL API credentials are encrypted using industry-standard encryption
• Regular Audits: We regularly review and update our security practices

4.3 Data Retention

• Active Accounts: Data is retained while your subscription is active
• After Cancellation: Configuration data is retained for 30 days to allow reactivation
• Usage Logs: API usage logs are retained for 90 days for analytics and support
• Upon Request: You can request immediate deletion of your data at any time

5. Third-Party Services

We integrate with the following third-party services:

5.1 DHL API

We send shipment parameters (weight, dimensions, origin, destination) to DHL's API to calculate shipping rates. This data is transmitted securely and is not stored by DHL beyond what's necessary for rate calculation. DHL's privacy practices are governed by their own privacy policy.

5.2 Shopify

We access your Shopify store data through Shopify's API using OAuth 2.0. We only request the minimum permissions necessary to provide our service. Shopify's privacy practices are governed by their privacy policy.

5.3 Payment Processing

All subscription payments are processed through Shopify's billing system. We do not handle or store your payment information.

6. Your Rights (GDPR & Privacy Laws)

You have the following rights regarding your personal data:

• Right to Access: Request a copy of all data we hold about you
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Export: Receive your data in a portable format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Object to certain types of data processing
• Right to Withdraw Consent: Withdraw consent for data processing at any time

7. GDPR Compliance

7.1 Lawful Basis for Processing

We process your data under the following lawful bases:

• Contractual Necessity: To provide the shipping rate calculation service you've subscribed to
• Legitimate Interest: To improve our service and prevent fraud
• Legal Obligation: To comply with tax and legal requirements
• Consent: For optional features like analytics (Pro+ plans)

7.2 Data Subject Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR, as outlined in Section 6 above.

7.3 Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at: support@dhlrateflow.com

8. Cookies and Tracking

DHL RateFlow uses minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and session management
• Preference Cookies: Remember your settings (e.g., dark mode preference)
• No Advertising Cookies: We do not use cookies for advertising purposes

You can control cookies through your browser settings. Note that disabling essential cookies may affect app functionality.

9. Children's Privacy

DHL RateFlow is not intended for use by individuals under the age of 18. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions confirming equivalent data protection standards
• Other legally recognized transfer mechanisms

11. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of discovering the breach
• Inform relevant supervisory authorities as required by law
• Provide details about the breach and steps we're taking to address it
• Offer guidance on steps you can take to protect yourself

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or in-app notification
• Your continued use of the app after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

13. Your California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the "sale" of personal information (we do not sell your data)
• Right to Non-Discrimination: You will not be discriminated against for exercising your rights

To exercise these rights, contact us at support@dhlrateflow.com with "CCPA Request" in the subject line.

15. Acknowledgment

By using DHL RateFlow, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Important Notice: DHL RateFlow is a third-party application. We are not affiliated with, endorsed by, or connected to DHL International GmbH. DHL® and DHL Express® are registered trademarks of DHL International GmbH.