1. Overview
Smart Que ("the App", "we", "our", or "us") is an order and fulfillment operations application for Shopify merchants. This Privacy Policy explains how we access, process, store, and protect personal data in connection with providing services to merchants.
Smart Que operates exclusively within the Shopify platform and processes data solely to provide operational visibility and order management functionality to merchants.
2. Personal Data We Process
When a merchant installs Smart Que, we may access and process the following Shopify data:
Merchant Data
- Shop name
- Shopify domain
- Store identifiers
Order Data
- Order ID and name
- Order timestamps
- Financial and fulfillment status
- Order totals
Customer Data (Protected Customer Data – Level 2)
- Customer first and last name
- Email address
- Phone number
- Shipping and billing address
Fulfillment & Tracking Data
- Tracking numbers and URLs
- Courier information
- Delivery timestamps
- Return status
We do not access or process payment card data.
3. Purpose of Processing
We process personal data strictly to:
- Sync Shopify orders into our system
- Display operational dashboards and reporting
- Track fulfillment and delivery performance
- Allow merchants to update order tags and shipping details
- Provide customer-level order history and operational insights
We do not use personal data for:
- Advertising
- Profiling
- Marketing
- Resale
- Data brokering
4. Data Minimization
We process only the minimum personal data required to provide Smart Que functionality. No additional customer data is collected outside Shopify APIs.
5. Data Retention
We retain merchant and customer personal data:
- For the duration that the merchant actively uses the App.
- Upon app uninstallation, all associated personal data is deleted within 2 days.
- Backups containing merchant data are retained for a maximum of 2 additional days before automatic deletion.
We do not retain personal data longer than necessary for operational purposes.
6. Data Deletion Upon Uninstall
When a merchant uninstalls Smart Que:
- Shopify access tokens are immediately revoked.
- Merchant data is scheduled for deletion.
- All associated personal data is permanently deleted within 2 days.
Merchants may also request deletion at any time by contacting us.
7. Data Security
We implement industry-standard technical and organizational safeguards including:
- TLS/HTTPS encryption for data in transit
- Encryption at rest using Google Cloud infrastructure
- Encrypted database backups
- Role-based access controls
- Strong authentication for staff accounts
- Separation of test and production environments
- Access logging for sensitive systems
- Security monitoring and incident response procedures
8. Data Loss Prevention & Access Controls
Staff access to production data is strictly limited.
- Access is granted only where necessary for operational support.
- Strong password requirements and multi-factor authentication are enforced.
- All access to protected systems is logged and monitored.
9. Incident Response
We maintain a security incident response policy. In the event of a data security incident, we will:
- Investigate and contain the issue
- Notify affected merchants where required
- Take corrective and preventive measures
10. Consent & Merchant Responsibilities
Smart Que acts as a data processor on behalf of merchants. Merchants are responsible for obtaining any required customer consents under applicable laws.
We respect merchant and customer opt-out decisions where applicable.
11. Data Sharing
We do not sell or rent personal data.
Personal data is processed only:
- On secure Google Cloud infrastructure
- With service providers required to operate the App
- As required by law
All providers are contractually obligated to protect data.