Noteable

Privacy Policy

The Gist

Below is our privacy policy for Noteable ("The App"). If you have an issue, always feel free to email us at support@getnoteable.com and we'll do our best to resolve it in a fair and timely fashion.

The App provides personalized note templates and PDF generation for orders (“the Service”) to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

Personal Information the App Collects

When you install the App, we are automatically able to access certain types of information from your Shopify account:

  • Orders, obtained using the Order API
  • Customers, obtained using the Customer API
  • Changes to order states, received using webhooks

Data Protection and Security

We are committed to protecting the privacy and security of the personal information we collect. We employ the following data protection mechanisms to safeguard sensitive data:

  1. Encryption: All data is encrypted both in transit and at rest using industry-standard encryption protocols (e.g., TLS/SSL and AES-256 encryption). This ensures that unauthorized parties cannot access the data while it is being transmitted or stored.
  2. Access Control: We implement strict access control mechanisms to ensure that only authorized personnel have access to sensitive data. This includes role-based access controls (RBAC), requiring authentication and secure login credentials.
  3. Data Minimization: We limit the collection of personal information to the data that is necessary to provide our services. Sensitive information is only collected and processed to the extent required for operational and legal purposes.
  4. Data Anonymization and Masking: Where possible, we anonymize or mask sensitive data (e.g., customer order details, IP addresses) to reduce the risk of misuse or accidental exposure.
  5. Audit Logging: All access to sensitive data is logged and monitored to detect any unauthorized access or suspicious activity. Regular audits are conducted to ensure compliance with data protection regulations.
  6. Compliance with GDPR and CCPA: We comply with all applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our data processing practices ensure that customers can exercise their rights to view, correct, delete, or limit the processing of their personal information.

Sensitive Data Handling

Noteable does not collect or process sensitive personal data (such as health, financial, or government-issued identification numbers) unless required by law. If such data is collected, it is subject to enhanced security measures as outlined above.

Cookies

For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. "Log files" track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. "Web beacons," "tags," and "pixels" are electronic files used to record information about how you browse the Site.

How Do We Use Your Personal Information?

We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Additionally, we use this personal information to:

  • Communicate with you;
  • Optimize or improve the App; and
  • Provide you with information or advertising relating to our products or services.

Sharing Your Personal Information

We do not share data with third parties. We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or to otherwise protect our rights.

Your Rights

If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the merchant’s Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

Data Retention

We do not retain any data longer than necessary for the purposes outlined in this privacy policy.

Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at support@getnoteable.com.