1. Who We Are
DrpShipr ("we", "us", "our") operates the DrpShipr Shopify application. We provide a dropshipping management platform that connects Shopify store owners with suppliers and handles order fulfilment, shipping, and payouts.
Contact: privacy@drpshipr.com
2. Data We Collect
When you install and use DrpShipr we collect:
- Store information — Shopify store domain, store name, currency, and timezone.
- Order data — Order IDs, order numbers, customer name, shipping address, phone number, email, order total, and product line items.
- Product data — Product SKUs, titles, images, and pricing that are needed to match and fulfil orders.
- Account information — Your name and email address when you register on our platform.
- OAuth access token — A Shopify-issued token that allows us to read orders and sync data on your behalf.
3. How We Use Your Data
- To sync and display your Shopify orders in the DrpShipr dashboard.
- To route orders to the appropriate supplier for fulfilment.
- To generate shipping labels and track shipments.
- To calculate and process payouts/remittances to dropshippers.
- To send operational notifications (e.g., order confirmed, shipped, NDR).
- To comply with legal obligations.
We do not sell your data or your customers' data to third parties.
4. Data Sharing
We share data only as necessary:
- Suppliers — Receive the shipping address and product details needed to pack and dispatch the order. Suppliers do not receive payment details.
- Shipping providers (Shiprocket, FShip) — Receive name, address, phone, and AWB number to generate shipment labels.
- Payment gateways (Cashfree) — Used for payout processing; only payee bank details are shared.
- Infrastructure — We use Vercel (hosting), Neon (PostgreSQL database), and Cloudinary (image storage). Data is stored on servers in India/US.
5. Data Retention
- Order data is retained for 3 years for accounting and dispute purposes.
- If you uninstall the app, your store's access token is immediately revoked.
- You may request full data deletion by emailing privacy@drpshipr.com. We will delete all personal data within 30 days.
6. Customer Data (Your Shopify Customers)
We process your customers' personal data (name, address, phone) solely to fulfil their orders. We act as a data processor on your behalf. You remain the data controller responsible for informing your customers how their data is used.
GDPR / Data requests: If one of your customers requests their data or deletion, Shopify will notify us automatically through our mandatory GDPR webhooks. We will anonymise/delete the relevant order data within 30 days.
7. Security
- All data is transmitted over HTTPS/TLS.
- Access tokens are stored encrypted at rest in our database.
- Webhook payloads are verified using HMAC-SHA256 signatures.
- Access to production data is restricted to authorised team members only.
8. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Port your data in a machine-readable format.
To exercise these rights, email privacy@drpshipr.com.
9. Cookies
We use a single session cookie to keep you logged in. This cookie is HTTP-only, secure, and contains no personally identifiable information beyond your session ID. We do not use tracking or advertising cookies.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or an in-app notification at least 7 days before they take effect.