Privacy Policy — InsureParcel Shipping Protection

Privacy Policy — InsureParcel Shipping Protection (Shopify App)

Effective date: October 16, 2025
Company: Flocode Solutions (“we”, “our”, “us”)
Contact: flocodesolutions@gmail.com

1) Who we are

InsureParcel Shipping Protection (the “App”) lets Shopify merchants add a shipping-protection fee to orders and manage loss/damage claims in their dashboard. We are not an insurance company and do not underwrite coverage. The App enables merchants to run their own claim workflow and fee collection.

2) Roles under data protection laws

  • Merchants are the Data Controllers of their store’s customer information (“Customer Data”).
  • We act as a Data Processor/Service Provider for Customer Data, processing it on the merchant’s instructions to run the App.
  • For our own business data (e.g., billing, support), we are a Data Controller.

This policy covers both Merchant Data and Customer Data.

3) Information we collect

A) From merchants (“Merchant Data”)

  • Shop & owner info: shop domain, store name, owner name, email, country, plan, billing status.
  • App configuration: fee rules (fixed/percent), widget settings, claim policy text, branding assets.
  • Operational & usage: logs of App actions, feature usage, timestamps, device/browser metadata, IP (security/abuse prevention).
  • Support content: messages, attachments, and related metadata.

B) From merchant customers (“Customer Data”, processed on merchant’s behalf)

  • Order context: order ID, line items, quantities, prices, shipping method, currency, discounts, shipping country/region (we avoid full addresses unless needed for claims).
  • Contact details: name and email (for claim updates, if enabled).
  • Protection selection: whether fee was added/waived, fee amount.
  • Claims materials: form fields (incident description, dates), uploaded proof (photos/PDFs), claim status/history.
  • Technical signals: IP and basic device/browser metadata strictly for security, fraud checks, reliability.

We do not collect or store payment card numbers. Shopify/the payment gateway processes payments.

4) Sources

  • Shopify APIs & webhooks (install/uninstall, orders, checkouts, embeds).
  • Merchant content (claim policies, settings).
  • Customer submissions (claim forms, evidence).
  • Automatic collection via App scripts (limited technical data).

5) Purposes & legal bases

  1. Provide the App (configure fee logic, render widgets, record selections, manage claims). (Contract/Legitimate interests)
  2. Operate claims (intake, review, status updates, audit trails). (Contract/Legitimate interests)
  3. Support & communications (answer questions, service notices). (Contract/Legitimate interests)
  4. Security & fraud prevention (access controls, anomaly detection). (Legitimate interests)
  5. Compliance (tax, accounting, legal requests). (Legal obligation)
  6. Product improvement & analytics (aggregate/anonymous metrics; no use of identifiable Customer Data for marketing). (Legitimate interests/Consent where required)

6) Shopify permissions (scopes)

Depending on your setup, we may request minimal necessary scopes such as:
Orders/Checkouts (read), Script tags/App embeds, Theme/Online Store UI extensions (read), Customers (read, optional), and Webhooks. Exact scopes are shown during install and in Shopify admin.

7) Cookies & similar tech

We may use strictly necessary cookies/local storage to remember fee selections, prevent duplicates, and keep claim-portal sessions. Merchant-facing pages may use performance/analytics cookies; where required by law, consent is requested.

8) Data sharing & subprocessors

We do not sell personal data. We share data only with:

  • Cloud hosting & infrastructure (hosting, DB, CDN),
  • Email/notification services (claim updates, system emails),
  • Error monitoring & logging, and
  • Merchant-side analytics (feature usage).

All providers are bound by data-processing agreements. A current list is available on request at flocodesolutions@gmail.com. We may disclose data if required by law, to protect rights/safety, or during a business transfer (with notice where feasible).

9) International transfers

Data may be processed outside your country. Where required, we use safeguards (e.g., EU Standard Contractual Clauses, UK Addendum). Details available on request.

10) Security

We use administrative, technical, and physical safeguards, including TLS in transit, encryption at rest where supported, least-privilege access, audit logging, backups, and vulnerability management. No method is 100% secure; we continually improve our posture.

11) Retention & deletion

  • Customer Data: kept only as needed to run the App and manage claims, then deleted or irreversibly anonymized. By default we begin deletion within 45 days after uninstall or a merchant’s written request, subject to lawful retention needs.
  • Merchant Data: retained while the App is active and for necessary business/legal recordkeeping thereafter.

On uninstall, Shopify’s app/uninstalled webhook triggers our cleanup process. Merchants can also email flocodesolutions@gmail.com for deletion requests.

12) Privacy rights

Merchants: Access, correct, export, or delete Merchant Data by emailing flocodesolutions@gmail.com (note: deleting essential data may disable the App).

Merchant customers: Please contact the merchant (store owner) to exercise rights (access, correction, deletion, portability, objection). We assist merchants with requests they forward to us.

Where applicable (EEA/UK/Switzerland), GDPR rights apply; in California, CCPA/CPRA rights apply (including know, delete, correct, opt-out of sale/share — we do not sell personal information). You may lodge a complaint with your local authority.

13) Children

The App is not intended for children under 16. If you believe a child provided data, contact us to delete it.

14) Merchant responsibilities

  • Disclose the shipping-protection fee and your claim terms to customers.
  • Obtain any required consents and respond to customer privacy requests.
  • Configure and use the App in compliance with applicable laws.
  • Insurance disclaimer: InsureParcel Shipping Protection is not an insurer and does not adjudicate, guarantee, or pay claims. Shipping-protection fees and any claim payouts belong to and are the responsibility of the merchant.

15) Third-party services

Your store may use third parties (carriers, email providers, payment gateways). Their practices are governed by their own privacy policies.

16) Changes

We may update this policy from time to time. We’ll post the revised version with a new “Effective date” and, where material, provide additional notice (e.g., email to the shop owner or in-app banner).

17) Contact

Email: flocodesolutions@gmail.com

Flocode Solutions