Privacy Policy

UPN QR – Last updated: 2025-12-19

Data minimization Merchant-controlled Shopify App

1. Who we are

This Privacy Policy explains how the UPN QR Shopify app (“App”, “we”, “us”) processes information when installed and used by merchants on Shopify.

2. What the App does

The App generates UPN payment QR codes for eligible orders (for example, bank transfer orders) and can provide a QR image URL to be used in merchant workflows (such as emails).

3. Information we collect and process

We process the minimum information necessary to provide the App:

• Shop information: shop domain (e.g. example.myshopify.com) and app installation/session identifiers.
• App settings: payment parameters configured by the merchant (e.g. IBAN, recipient/company name, SWIFT/BIC, reference/purpose prefixes, QR generation mode).
• Order information (limited): order number and relevant details needed to generate the QR code. We do not need or store any payment details.
• Logs/diagnostics: technical logs (timestamps, errors) for debugging and reliability.

4. Files and generated QR images

The App generates QR images and stores them in the App’s storage so that they can be served by URL. QR images are associated with the merchant’s shop and order number.

5. How we use information

• To generate and serve UPN payment QR codes for orders.
• To store merchant-configured settings for consistent QR generation.
• To operate, maintain, and secure the App (monitoring, abuse prevention).

6. Sharing of information

We do not sell merchant or customer data. We share information only when required to operate the App, such as:

• Hosting/storage providers used to store and deliver QR images (e.g. object storage).
• Shopify as part of standard Shopify app operation (webhooks, authentication).
• Legal requirements if we must comply with applicable laws.

7. Data retention

• Shop settings are retained while the App is installed, unless deleted by the merchant or removed by us for compliance reasons.
• Generated QR images may be retained for a limited period to ensure links keep working (your app may remove them automatically after a defined retention window). QR codes are deleted automatically after 30 days.
• Uninstall: when the App is uninstalled, we delete shop-related settings and data where technically feasible and required.

8. Security

We implement reasonable administrative and technical safeguards to protect data, including access controls and encrypted transport (HTTPS).

9. Merchant responsibilities

Merchants are responsible for ensuring they have appropriate legal basis to process customer data and for configuring the App’s settings correctly.

10. Your choices

• Merchants can update or remove App settings at any time.
• Merchants can uninstall the App to stop further processing.

11. Contact

For privacy questions or requests, contact us at:
Email: [email protected]

This policy is provided for general informational purposes for the App. If you need strict compliance language for your jurisdiction (e.g., GDPR), you may want to have it reviewed by legal counsel.