1. Introduction
Quick B2B ("we," "our," or "us") operates the Quick Order application ("the App") available on the SHOPLINE App Store. We are committed to protecting the privacy and security of our merchants and their customers.
This Privacy Policy describes how we collect, use, store, share, and protect your information when you install and use the Quick B2B — Quick Order App on your SHOPLINE store. By using the App, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information Received from SHOPLINE via OAuth
When you install the App, SHOPLINE's OAuth 2.0 flow provides us access to:
- Store Identity: Store handle/domain, store name, store owner email address, and preferred language.
- Access Tokens: Encrypted OAuth access tokens used to authenticate API requests to SHOPLINE on your behalf.
- Authorization Scopes: The specific API permissions you grant during installation (read_products, write_products, read_orders, write_orders).
2.2 Information Accessed via SHOPLINE APIs
To provide the bulk ordering functionality, we access the following data from your store through SHOPLINE's Admin REST API:
- Product Catalog: Product titles, descriptions, SKUs, barcodes, variants, pricing, inventory quantities, product images, tags, product types, vendor information, and publication status.
- Draft Orders: When a B2B customer submits a bulk order, we create draft orders on your behalf containing line items with product/variant IDs, quantities, and optional customer email.
- Online Store Pages: We check for and manage the dedicated Quick Order page on your storefront.
2.3 Information Stored on Our Servers
| Data Type | Purpose | Storage Duration |
|---|---|---|
| Store handle & name | Identify your store for API calls | Until uninstall |
| Encrypted access tokens | Authenticate API requests | Until uninstall or expiry |
| Cached product data (JSON) | Fast product search on Quick Order page | Refreshed periodically; deleted on uninstall |
| App configuration settings | Your Quick Order page preferences (min/max qty, filters, etc.) | Until uninstall |
| Quick Order page ID | Reference to your storefront page | Until uninstall |
2.4 Information We Do NOT Collect
- We do not store your customers' personal data (names, emails, phone numbers) beyond what is passed to SHOPLINE in draft order creation.
- We do not store or process payment information of any kind.
- We do not track your store visitors or customers across websites.
- We do not access orders, customers, or analytics beyond what is necessary for draft order creation.
3. How We Use Your Information
All information collected is used solely for operating and improving the Quick Order service:
- App Functionality: Display your product catalog on the Quick Order page, enable product search by name/SKU/barcode, allow bulk quantity entry and CSV upload, and create draft orders in your SHOPLINE admin.
- Authentication: OAuth tokens are used exclusively to make authorized API calls to your SHOPLINE store.
- Product Sync: Product data is cached to ensure fast, responsive search on the storefront. Cache is refreshed via background jobs.
- Support: We may use your store handle and owner email to communicate about service issues, updates, or support requests.
4. Data Storage & Security
- Encryption: All SHOPLINE access tokens and storefront tokens are stored encrypted. Data transmission between our servers and SHOPLINE occurs exclusively over HTTPS/TLS.
- Server Security: Our application is hosted on secure cloud infrastructure with firewall protection, regular security patches, and access controls.
- Database: Store data is isolated in a MySQL database with access restricted to authorized application processes only.
- Logging: Server logs may contain store handles and API request metadata for debugging. Logs are rotated and do not contain access tokens or customer personal data.
5. Data Sharing & Disclosure
We do not sell, trade, rent, or otherwise share your store data with third parties for marketing or advertising purposes.
Limited data sharing occurs only in these circumstances:
- With SHOPLINE: Data flows back to SHOPLINE as part of normal API operations (e.g., creating draft orders, fetching products). This is inherent to the App's functionality.
- Service Providers: Our hosting provider and infrastructure services process data on our behalf under strict confidentiality terms.
- Legal Compliance: We may disclose data if required by applicable law, court order, or governmental regulation.
6. Data Retention & Deletion
We retain your store data only while the App remains installed on your SHOPLINE store.
- On Uninstall: When you uninstall the App, SHOPLINE sends an uninstall webhook. Our automated cleanup job (
CleanupUninstalledStoreJob) permanently deletes all store-specific data — including tokens, cached products, settings, and page references — within 48 hours. - GDPR Compliance: We implement GDPR-mandated webhooks. Upon receiving a customer data redact request via SHOPLINE's GDPR webhook, we process the redaction as required. Upon receiving a shop data redact request, all store data is permanently deleted.
- Manual Request: You may request immediate data deletion at any time by contacting us at the email below.
7. Your Rights & Choices
As a merchant using our App, you have the right to:
- Access: Request details of the data we hold about your store.
- Rectification: Request correction of any inaccurate or incomplete data.
- Erasure: Uninstall the App to trigger automatic data deletion, or contact us for manual deletion.
- Restrict Processing: You may revoke API access scopes from your SHOPLINE admin at any time, though this may limit App functionality.
- Data Portability: Your product data and orders remain in your SHOPLINE admin. We do not hold any data that cannot be re-exported from SHOPLINE directly.
8. Cookies & Tracking
- Admin Interface: Our embedded admin app uses session cookies essential for maintaining your authenticated session within the SHOPLINE iframe. No third-party tracking cookies are used.
- Storefront (Quick Order Page): The public Quick Order page does not set any cookies. It operates as a stateless iframe embedded on your store.
- SHOPLINE Platform: SHOPLINE itself may use cookies. Please refer to SHOPLINE's Privacy Policy for details.
9. Third-Party Services
The App integrates exclusively with the SHOPLINE platform. We do not integrate with any third-party analytics, advertising, or tracking services. The App's UI uses Bootstrap and Bootstrap Icons loaded from CDN (jsDelivr), which may log standard HTTP access information.
10. Children's Privacy
Our App is designed for B2B/wholesale merchants and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Changes will be posted on this page with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: pixiestoresupport@gmail.com
- App URL: https://spquickorderpage.pixiestore.in