Privacy Policy

1. Data we collect

When you connect your store or social accounts to MyEcomERP, we access and store the following data:

From Shopify:

• Store information (store name, domain, email, currency, timezone)
• Order data (order details, line items, amounts, shipping addresses, customer names, emails, and phone numbers)
• Product data (titles, descriptions, prices, inventory levels, images, SKUs)
• Fulfillment data (tracking numbers, fulfillment status, courier information)
• Customer data (names, email addresses, phone numbers, shipping addresses)

From Facebook and Instagram:

• Page and account information (page name, page ID, profile picture)
• Messenger conversations and direct messages sent to your connected pages
• Comments on your posts and your replies
• No content is posted or published on your behalf — we provide read and reply access only

From you directly:

• Account registration details (name, email, password)
• Business information (business name, address, phone number)
• Courier account configurations and credentials

2. How we use your data

We use the collected data solely to provide the MyEcomERP platform functionality:

• Syncing and managing orders between your e-commerce store and our dashboard
• Booking shipments with courier partners and tracking delivery status
• Reconciling cash-on-delivery (COD) payments from courier partners
• Displaying and replying to customer messages and comments from your social accounts
• Generating financial reports, analytics, and profit/loss statements
• Managing product inventory across your store and our platform

We do not sell, rent, or share your data with third parties for marketing purposes. We do not use your data for advertising. We do not use your customers' data for any purpose other than providing our services to you.

3. Data storage and security

• All data is stored in encrypted databases hosted on Amazon Web Services (AWS) infrastructure
• Shopify access tokens and social media access tokens are encrypted at rest using AES-256-GCM encryption
• Tokens and credentials are stored server-side only and are never exposed to browser clients
• All API communications use HTTPS/TLS encryption in transit
• Webhook payloads are verified using HMAC signature validation before processing
• Access to merchant data is scoped per tenant — each merchant can only access their own data

4. Data retention

• We retain your data for as long as your account is active and you are using our services
• If you disconnect your Shopify store (or uninstall our app), we retain order and financial data for your records but remove stored access tokens
• 48 hours after app uninstallation, Shopify may request deletion of all shop data via a compliance webhook, at which point we anonymize all customer personal information associated with that store
• If you disconnect your social accounts, we remove stored access tokens immediately. Message history is retained for your records unless you request deletion

5. Data subject rights (GDPR compliance)

If you or your customers wish to exercise data protection rights, we support the following:

• Right to access: You can request a copy of the personal data we hold. Contact us and we will provide it within 30 days
• Right to deletion: You can request deletion of personal data. We will anonymize customer-identifying information while retaining non-personal financial records (order totals, courier charges) needed for accounting
• Right to rectification: You can update your account information at any time through our platform
• Right to data portability: You can export your data through our platform's reporting features

We comply with Shopify's mandatory compliance webhooks:

• Customer data request (customers/data_request) — we log and fulfill data access requests within 30 days
• Customer data erasure (customers/redact) — we anonymize the specified customer's personal information across all records for that store
• Shop data erasure (shop/redact) — we anonymize all customer data and remove store credentials upon merchant uninstallation

6. Third-party services

We integrate with the following third-party services to provide our functionality:

• Shopify — for e-commerce store data synchronization (governed by Shopify's API Terms of Service)
• Meta (Facebook/Instagram) — for social messaging and engagement (governed by Meta's Platform Terms)
• Courier partners (PostEx, Fly Courier, Leopards, TCS, Pakistan Post) — for shipment booking and tracking
• Amazon Web Services — for infrastructure and data hosting

Each third-party service has its own privacy policy. We only share the minimum data necessary for each integration to function.

7. Cookies

MyEcomERP uses essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's privacy

MyEcomERP is a business-to-business platform. We do not knowingly collect data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to this policy

We may update this privacy policy from time to time. We will notify registered users of significant changes via email or through our platform. The "last updated" date at the top of this page indicates when the policy was last revised.

10. Contact us

If you have questions about this privacy policy, wish to exercise your data rights, or have concerns about how we handle your data:

Email: support@myecomerp.com

Website: https://myecomerp.com