Privacy Policy for Roxan labs Last Updated: November 17, 2025 This Privacy Policy describes how Roxan labs collects, uses, and shares information in connection with your use of our Shopify application (the "App"). When you, a Shopify merchant ("Merchant"), install our App, you are the Data Controller of your customers' personal information. We act as a Data Processor on your behalf, meaning we only process your customers' data according to your instructions and for the sole purpose of providing the App's services. 1. Information We Collect We collect the following information: Information from You (the Merchant): Your store's domain (e.g., your-store.myshopify.com). Your store's contact information. A Shopify Access Token (shpua_) that allows our App to securely communicate with your store's Admin API. The message templates and settings you configure within the App's dashboard. Information from Your Customers (Protected Customer Data): When an abandoned checkout is detected (via the CHECKOUTS_CREATE webhook), we receive the following information from Shopify: Customer's Name Customer's Phone Number Checkout details, including products in the cart and the checkout recovery URL. 2. How We Use Information We use the collected information for one purpose only: to provide the App's service. Merchant Information is used to connect your store to our service, authenticate API requests, and save your settings. Customer Information is used to automatically send the abandoned checkout reminder message you created to your customer's WhatsApp number. We do not and will not sell, rent, or share this data for our own marketing, advertising, or any other purpose not directly related to the App's function. 3. How We Share Information (Sub-processors) To provide our service, we must share limited information with third-party services (known as "sub-processors"). Automation Server (n8n): The customer's checkout data (name, phone number, message content) is sent to our private, secure automation server. This server processes the data and triggers the WhatsApp message. WhatsApp (Meta, Inc.): The customer's phone number and the message content are transmitted to the WhatsApp Business Platform to deliver the final message. We only share the minimum information necessary to perform the service. 4. Data Retention Merchant Data: We retain your store's domain, access token, and settings (message templates) for as long as you have the App installed. This data is deleted from our database within 30 days of you uninstalling the App. Customer Data: We operate as a "conduit" and do not store your customers' personal information (name, phone number, checkout details) in our database. This information is received, processed immediately by our automation server, and then discarded. We do not retain a log of your customers' personal data. 5. Data Security We take the security of your data seriously. We use industry-standard technical and organizational measures to protect the information we process. This includes using SSL/TLS for all data in transit, firewalls on our servers, and restricting access to data to only the personnel who need it to operate the service. 6. Your Rights and Your Customers' Rights (GDPR & CCPA) As the Merchant, you are the Data Controller and are responsible for handling your customers' data privacy requests. Our App is built to help you comply with these obligations. Access, Correction, Deletion: If one of your customers requests to see, correct, or delete their personal data, they must contact you (the Merchant). Mandatory GDPR Webhooks: Our App is fully compliant with Shopify's mandatory GDPR webhooks: customers/data_request: Upon receiving this webhook, we will provide any relevant data we hold for that customer. Since we do not store customer data, we will report that no data is held. customers/redact: Upon receiving this webhook, we will find and delete any customer data we might hold (which, per our retention policy, should be none). shop/redact: Upon receiving this webhook (or on App uninstall), we will delete all data associated with your store from our systems within the 30-day requirement. 7. Changes to This Policy We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the App's dashboard or by email. 8. Contact Us If you have any questions about this Privacy Policy or how we handle your data, please contact us at: ayyanniazi82@gmail.com