Privacy Practices (May 2018 update)

As a merchant collecting information from your customers, you may be concerned about complying with the European Union's new General Data Protection Regulation or GDPR. Those requirements extend to the outside services you use to process information from your online shop, including Shopify and Boxify.

In the course of providing our service, Shopify automatically sends to us personally identifiable information provided at checkout by your customers, typically including their names, email addresses, street addresses, and phone numbers. This transfer allows Boxify to perform its function of helping you to display accurate shipping rates. That information is retained in our server logs for a brief period, one to two weeks, so that we can monitor the operations of our systems, protect against abuse, and support merchants when they ask about their recent use of Boxify. But the information we are collecting and maintaining over a longer term about the activities we have undertaken for your shop contains no personally identifiable information about your customers. Nor do we ever sell, lease or barter such information with other companies. Our only interest in that information has been and always will be to perform the service that you expect from Boxify: to obtain accurate shipping rates to charge your customers.

When merchants install Boxify, they grant the app permission to read and write data associated with parts of their Shopify shops, permissions needed for Boxify to perform its various functions. When merchants un-install Boxify, we don't automatically remove the information associated with their accounts. As a courtesy, we keep all their information, including information merchants enter directly into Boxify about the sizes of their products and shipping boxes, in our database for a reasonable period, typically a few months. This allows merchants who later decide to re-install our app to pick up where they left off. If you are sure that you have ceased using Boxify for good and would like to have your user records deleted, we would be happy to do that. Just send a message to that effect to, and we will contact you to establish your identity and confirm your wishes in this regard.

The GDPR includes some difficult-to-interpret language that will no doubt take the e-commerce industry time to fully fathom and embrace. But at its heart is the simple desire to curtail the excessive collection and clandestine marketing of data about individuals who are using the Internet to obtain information, shop, meet, or otherwise carry out their daily lives. We applaud that effort and are committed to doing all it can to further that end.