JsRates Privacy Notice

This Privacy Notice is effective as of December 03, 2023.

JsRates ("the App", "the Application" or "the Service"), a Shopify App created by YOD Solutions (also "we", "us", "our"), is a web application that provides functionality for merchants using the Shopify platform. The Application is owned and operated by YOD Solutions Pty Ltd, registered in Australia.

In this Notice, the term "User", "App User" or "you" refers to a person that uses the Application while it is installed on their Shopify store. As an App User, under the General Data Protection Regulation (GDPR), you are considered the Data Controller with respect to the personal data you provide to JsRates.

Data Controller, Data Processor, Data Subject, Personal Data, Processing, Supervisory Authority and other terms not defined shall have the same meaning as in the GDPR.

We respect your privacy. This Privacy Notice ("the Notice") explains our privacy practices for the Application and describes your rights and options regarding your personal information.

Personal Data Processing and Usage

Contact Information: Upon installing the Application through the Shopify App Store, we collect and store your contact and store information, including your name, e-mail address, Shopify store’s name, and store plan. This information is collected for the legitimate interest of receiving updates on the use of our services, ensuring security, and notifying you about system events, installs, uninstalls, or other significant occurrences for service quality improvement.

Analytics Tracking: We utilize Google Analytics for aggregated and anonymized analysis of the Application’s usage statistics to understand and improve service usage.

Technical Data: Our service provider, Cloudflare, gathers technical data, including IP addresses and details about traffic to and from the Application, as well as information about devices and networks used by App Users. This data collection is crucial for ensuring the security of the Application and for identifying and addressing technical issues. This process is conducted under the legitimate interest of maintaining the integrity and security of the Application.

Application Logs: The Application stores up to 50 most recent logs of shipping rates data from your Shopify checkout, the Application API, or the Application code editor. This log data, including customers' full names, addresses, and cart item details, is stored encrypted and solely for debugging purposes. You have the option to deactivate log storage and permanently delete stored logs from inside the Application "Settings" page.

Application Analytical Data: Analytical data extracted from log data is stored to assist in monitoring the performance of your shipping rules. This includes shipping rate request duration, amount, and status, but excludes customer-specific information.

Application Variables: Sensitive data like passwords or API tokens can be stored as encrypted environment variables, which are decrypted only during runtime. This ensures data security and prevents leaks.

Order History and Customer Details: The Application features the ability to search for your Shopify store’s order history and customers' details to facilitate providing personalized shipping rates. This information is accessed only during runtime via an API connection and is not stored post-runtime, except if you, as the App User, choose to include such data in the debug variables for the logs.

Email Correspondence: We process and use email correspondence to exchange messages with you for business purposes. This includes maintaining open and effective communication regarding the Application's functionality, updates, and support. This processing is grounded in our legitimate interest to ensure seamless and responsive communication with you as an App User.

Fetching Real-Time Shipping Rates: The Application includes a feature to obtain real-time shipping rates from third-party platforms and couriers through API integrations. In these instances, only the product dimensions and weight information are transferred to request rates. This ensures that the necessary data is used for accurate shipping calculations while maintaining data minimization principles.

Use of Artificial Intelligence (AI) for Code Generation and Explanation: The Application employs AI technologies, including those provided by OpenAI, Google, and Cloudflare, for code generation and explanation. The prompts and inputs you provide may be processed by these third-party AI systems. Please be aware that these inputs might be used by these third parties in their AI training processes.

Our employees may access stored log data and code to resolve issues when contacted by you or proactively in response to monitoring alerts.

Disclosure of Personal Data to Third Parties

We may disclose your personal data to authorized individuals and our collaboration partners who assist in delivering our services. This may include IT service providers (like email service providers, website maintenance, AI service providers, server hosting and maintenance), marketing service providers, and payment processors.

Additionally, your personal data may be shared under the following circumstances:

• Legal Requests: Upon receiving a legally substantiated request, we may disclose your personal data to legally authorized entities (such as investigative authorities), in accordance with applicable legal procedures.
• Protection of Legal Interests: To defend our legal rights (for example, in cases of infringement), we may share your personal data with courts, bailiffs, or other pertinent governmental institutions.
• Business Operations: Your personal data may be shared with partners such as auditors, legal advisors, consultants, financial institutions, and insurers. On a necessary basis, this information might also be shared with our shareholders, financiers, and potential buyers of our business or its parts.
• Payment Processing: We may share relevant personal data with payment service providers as needed for processing payments.

We commit to not sharing your personal data with third parties unless there is a legitimate purpose and legal basis for such disclosure. We assure you that your personal information is not sold.

Security and Data Retention

Data Retention Period: We retain your personal data only as long as necessary for the objectives outlined in this Privacy Notice. Retention may extend beyond this period as required by applicable laws, such as for accounting purposes or to comply with the statute of limitations for legal claims protection.

Service-Related Data: Data pertaining to services provided or received is retained for up to 10 years from the end of the year in which the service was completed, primarily for accounting purposes. This period may be extended if necessary for legal claim protection.

Customer Support Data: Information related to customer support may be kept for up to 5 years or as long as needed to safeguard against potential legal claims.

Application Data: Logs, analytics data, code files, and stored environment variables are automatically deleted within 48 hours after the Application is uninstalled or upon your request for data deletion.

Security Measures: We consistently enhance measures to protect the data we process or store. This includes SSL encrypted communication with the Shopify API, robust password protection for our infrastructure and employee workstations, and Public Key Infrastructure solutions where feasible. Once destroyed, data cannot be recovered.

Data Breach Protocol: In the unlikely event of a data breach, we will promptly inform affected users about the incident and the specific data compromised, if it poses a high risk to your rights and freedoms. Notifications will be sent within 72 hours of detecting the breach.

International Data Transfer

Global Data Processing: The Application utilizes globally distributed data centers, which means that your data can be processed or accessed in various regions around the world. We adhere to applicable data protection laws for international data transfer, ensuring that your information is handled securely.

Safeguards for Data Transfer: The transfer of personal data to countries outside your jurisdiction is safeguarded through measures such as standard data protection clauses adopted by the European Commission, Business Corporate Rules, or adequacy decisions. These safeguards are in place to maintain the security and integrity of your data.

Third-Party Service Providers: Our service providers, including Cloudflare, Google Analytics, Google Cloud, OpenAI, and Shopify, also follow stringent data protection practices. For more detailed information about their specific safeguards, data processing terms, and privacy policies, please refer to the following links:

• Cloudflare: Privacy Policy
• Google Analytics: Processor Terms and SCCs
• Google Cloud: Data Processing Addendum and SCCs
• OpenAI: Data Processing Addendum and Supplier DPA
• Shopify: Privacy Policy

EU Data Subject Rights Under GDPR

As stipulated by the General Data Protection Regulation (GDPR), you have certain rights regarding the processing of your personal data:

• Right to Access: Our Application promotes self-service access to your data. Most of your information can be accessed directly by you. If you require access to any part of your data not available through self-service, you may request it from our Support.
• Right to Erasure: You can request the removal of your data from our controlled resources, subject to legal, accounting, and security limitations. Requests for data deletion can be made by email to [email protected], and the data will be removed in compliance with legal and regulatory requirements.
• Right to Rectification: You have the right to correct any inaccuracies in your personal data. Corrections can be made directly in the Application or by contacting us on [email protected].
• Right to Restriction of Processing: You can request us to cease processing your personal data, except for storage purposes. We may continue processing if there is a legitimate basis for doing so.
• Right to Data Portability: When applicable, you can request your personal data in a structured, commonly used, and machine-readable format, or request its transfer to another entity, where feasible.
• Right to Object: You may object to the processing of your personal data based on our legitimate interests. You can also object to processing for direct marketing purposes at any time.
• Right to Withdraw Consent: If processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

For requests regarding these rights, please contact us on [email protected]. Note that fulfilling your requests may require additional personal data processing for identification purposes.

Use by Minors

Our Application is not designed for individuals under the age of 18. We do not intentionally collect or solicit personal information from minors. If we become aware that we have collected personal data from a minor, we take steps to remove that information.

Updates to Privacy Notice

We reserve the right to occasionally update and revise this Privacy Notice. Your continued use of the Application constitutes your agreement to comply with and be bound by these updates and revisions. We encourage you to review this Notice periodically to stay informed of any changes.

Contact Information

JsRates is a product of YOD Solutions Pty Ltd, a limited liability company registered in Australia. Our Australian Business Number (ABN) is 672 231 515. Address: 4 Eventide Avenue, Tarneit, VIC 3029, Australia

For any inquiries or support requests, please reach out to us via email at [email protected].