Privacy Policy

SmartBill Invoice App for Shopify — Operated by CECO DIGITAL SOLUTIONS S.R.L. (Weinstall)

Last Updated: April 13, 2026

1. Introduction

This Privacy Policy describes how the SmartBill Invoice App ("App") collects, uses, stores, and protects information when you install and use our Shopify application.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy legislation.

2. Data We Collect

Via Shopify APIs: order details (products, amounts, shipping, taxes, payment method, addresses) for invoice generation; product data (titles, SKUs, barcodes, inventory levels) for stock synchronization; customer data (names, company names, VAT codes, addresses) accessed on-demand during invoice generation — we do not store customer personal data; shop data (name, domain, currency, tax settings) for configuration.

Directly from you: SmartBill API credentials stored encrypted (AES-256-GCM); app configuration (invoice series, tax rates, warehouse settings); contact information provided voluntarily when requesting support.

We do not directly collect data from your customers. Customer information is accessed through Shopify's APIs at the time of invoice generation and transmitted to SmartBill.

3. How We Use Your Data

We use collected data to generate invoices in SmartBill, synchronize inventory, configure app behavior, provide chat support, monitor app health, track billing and usage, and improve our services through aggregated, anonymized data.

We do not sell your data to third parties, use your data for advertising, or share customer data with anyone other than SmartBill (as configured by you).

4. Data Sharing

We share data only with: SmartBill (order and customer data for invoice generation, as configured by you), OpenAI (chat messages without customer PII for AI assistant responses), Resend (support email content for escalation), and Shopify (order metafields with invoice references for customer-facing download links).

5. Data Storage and Security

Data is stored in PostgreSQL hosted on secure infrastructure in Europe. SmartBill API tokens are encrypted at rest using AES-256-GCM. All communications use HTTPS/TLS encryption.

Security measures include HMAC signature verification for all Shopify webhooks, bearer token authentication for SmartBill webhooks, session-based authentication via Shopify's OAuth, and isolated sandboxes for UI extensions.

6. Data Retention

App settings and credentials are retained until you disconnect or uninstall. Successful invoice records are kept indefinitely (legal requirement). Failed invoice records are kept for 30 days. Audit and stock sync logs are kept for between 7 days and 3 years, depending on your plan. Chat conversations are kept until app uninstall.

When you uninstall the App, all your data is permanently deleted within 48 hours.

7. Your Rights

Under GDPR and applicable privacy laws, you have the rights of access, rectification, erasure (fulfilled automatically on app uninstall), restriction, portability, and objection. To exercise any of these rights, contact us at privacy@weinstall.ro. We will respond within 30 days.

8. Cookies and Tracking

Our App does not use cookies, tracking pixels, or any client-side tracking technologies. The App operates entirely within Shopify's embedded app framework.

9. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with sub-processors and OpenAI's Data Processing Addendum.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. Continued use after changes constitutes acceptance.

11. Contact Us

For privacy-related questions, data requests, or concerns: CECO DIGITAL SOLUTIONS S.R.L. — Email: privacy@weinstall.ro — Website: https://weinstall.ro

This privacy policy was last reviewed on April 13, 2026.