IF
InvoiceForge
Legal

Privacy Policy

Last updated: May 18, 2026

This Privacy Policy explains how InvoiceForge (“InvoiceForge”, “we”, “us”, or “our”) collects, uses, stores, and protects information when you install and use our Shopify application (the “App”).

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Shopify’s data protection requirements.

1. Information We Collect

1.1 Merchant Information

When you install the App, we automatically collect the following information from your Shopify store:

  • Shop domain (e.g., example.myshopify.com)
  • Shop name, email, country, currency, and timezone
  • Shopify session and OAuth access tokens
  • Subscription and billing status

1.2 Order and Customer Data

To generate invoices, packing slips, and other documents, the App processes order data from your Shopify store, which may include:

  • Order details (order number, date, line items, totals, taxes, discounts, fulfillment status)
  • Customer name, billing address, shipping address, and email address
  • Product information (titles, SKUs, prices, variants)

We process customer data solely to provide the App’s functionality. We do not sell customer data, share it with third parties for marketing purposes, or use it for any purpose unrelated to document generation and delivery.

1.3 Application Data

We also store data you create within the App, including:

  • Document templates you build or customize
  • App settings and preferences
  • Generated PDF files (stored temporarily in encrypted cloud storage)
  • Email delivery logs (recipient address, subject, timestamp, status)

1.4 Technical Data

We collect limited technical information automatically, such as IP addresses, browser type, and error logs, to maintain security and improve App performance.

2. How We Use Your Information

We use the information we collect to:

  • Generate invoices, receipts, packing slips, credit notes, quotes, and proforma documents
  • Send generated documents to customers via email on your behalf
  • Provide automation rules (auto-generate on order events such as paid, fulfilled, refunded)
  • Export accounting data to formats like QuickBooks, Xero, or CSV
  • Maintain, troubleshoot, and improve the App
  • Comply with legal obligations

3. How We Store and Protect Your Data

  • Encryption in transit: All data is transmitted over HTTPS/TLS.
  • Encryption at rest: Data stored in our databases and object storage is encrypted at rest.
  • Access controls: Access to merchant data is restricted to authorized personnel and logged.
  • Tenant isolation: Each merchant’s data is logically scoped and isolated from other merchants.
  • Hosting: We host data on reputable cloud providers (Supabase, Hostinger, Resend) with industry-standard security certifications.

4. Data Sharing and Third Parties

We do not sell your data. We share data only with the following service providers, strictly for App functionality:

  • Shopify: The platform we integrate with.
  • Supabase: Database and file storage hosting.
  • Resend / AWS SES: Email delivery infrastructure for sending customer documents.
  • Hosting providers: Application hosting and infrastructure.

Each of these providers is bound by data processing agreements and applicable security and privacy standards.

5. Data Retention

We retain your data only as long as your store has the App installed, plus a short grace period for backups and uninstall recovery.

  • When you uninstall the App, we automatically schedule deletion of your shop data within 48 hours and complete deletion within 30 days, as required by Shopify’s GDPR webhooks.
  • Customer data deletion requests (via Shopify’s customers/redact webhook) are processed within 30 days.
  • Customer data access requests (via the customers/data_request webhook) are responded to within the required timeframe.

6. Your Rights (GDPR / CCPA)

If you or your customers are located in the EU, UK, or California, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Request a copy of your data in a portable format
  • Lodge a complaint with a data protection authority

To exercise any of these rights, contact us at the address below. Merchants can also request data deletion by uninstalling the App.

7. Cookies and Tracking

The App uses session cookies strictly required for authentication with Shopify. We do not use third-party analytics, advertising trackers, or cross-site tracking cookies inside the embedded App.

8. Children’s Privacy

The App is intended for use by Shopify merchants and is not directed to children under 16. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be communicated to active merchants via email or in-app notice.

10. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact:

InvoiceForge Support

Email: invoiceforge@addoneplugins.com

We aim to respond within 5 business days.