This Privacy Policy describes how SmartImport ("we," "us," or "our") collects, uses, discloses, and protects the personal information of merchants ("you" or "your") and their customers when you install and use the SmartImport application (the "App") available through the Shopify App Store.
By installing or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not install or use the App.
1. Information We Collect
1.1 Information Collected From Merchants
When you install and use SmartImport, we collect the following information directly from you and your Shopify store:
- Account Information: Your Shopify store name, store URL, store owner name, email address, and preferred language.
- Store Configuration: Your Shopify plan type, currency settings, and product field configurations relevant to the import process.
- Billing Information: Payment and subscription status as processed through the Shopify Billing API. We do not store credit card numbers or banking details directly.
- Communication Data: Any information you provide when contacting our support team, including email correspondence, support tickets, and feedback submissions.
1.2 Information Collected Through Shopify APIs
To provide the core functionality of the App, we access certain data from your Shopify store through Shopify's authenticated APIs:
- Product Data: Product titles, descriptions, prices, SKUs, inventory quantities, images, variants, metafields, tags, and other product-related fields necessary for import and export operations.
- Collection Data: Collection titles and product associations, when relevant to your import operations.
- Shop Data: Basic shop configuration data required to validate and format import data correctly for your store.
1.3 Information Collected From Your Customers
SmartImport does not directly collect personal information from your store's customers. However, if your uploaded CSV or Excel files contain customer-related data (such as customer names, email addresses, shipping addresses, or order information), that data will be temporarily processed as part of the import operation.
1.4 Automatically Collected Information
When you interact with the App, we automatically collect:
- Usage Data: Features used, import frequency, file sizes, error rates, and general usage patterns to improve the App.
- Log Data: IP address, browser type, operating system, referring URLs, access times, and pages viewed within the App interface.
- Device Information: Device type, screen resolution, and browser version for compatibility and troubleshooting purposes.
- Cookies and Similar Technologies: We use essential cookies to maintain your session state and preferences within the App. We do not use third-party advertising or tracking cookies.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Providing and Maintaining the App
- Parsing, validating, and transforming your uploaded CSV and Excel files.
- Auto-mapping column headers to the correct Shopify product fields.
- Detecting and reporting data errors in your import files.
- Executing product imports, updates, and synchronization with your Shopify store.
- Generating import history reports and rollback snapshots.
2.2 Improving the App
- Analyzing usage patterns to identify areas for improvement and new features.
- Diagnosing technical issues, bugs, and performance bottlenecks.
- Conducting aggregated, anonymized analytics to understand general usage trends.
2.3 Communication
- Sending transactional emails related to your account, import status, or subscription.
- Responding to your support inquiries and providing technical assistance.
- Notifying you of material changes to the App, this Privacy Policy, or our Terms of Service.
2.4 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes.
- Enforcing our Terms of Service and protecting our rights and property.
- Detecting, preventing, and addressing fraud, security issues, or technical problems.
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:
3.1 Service Providers
We may share information with trusted third-party service providers who assist us in operating the App, including:
- Cloud Infrastructure Providers: For hosting, data storage, and computing services.
- Analytics Providers: For aggregated, anonymized usage analytics.
- Customer Support Tools: For managing support tickets and communication.
All service providers are contractually bound to protect your data at a level at least as protective as this Privacy Policy and Shopify's API Terms of Use. They may only use your data to provide services to us and for no other purpose.
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal processes, such as a court order, subpoena, or government investigation.
3.3 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice within the App before your information is transferred and becomes subject to a different privacy policy.
3.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
4. Data Retention
4.1 Uploaded Files
CSV and Excel files you upload to SmartImport are processed in-memory and are not stored permanently on our servers. Uploaded file data is automatically deleted after your import session ends or within 24 hours of upload, whichever comes first.
4.2 Import History and Snapshots
Import history records and rollback snapshots are retained for 90 days from the date of the import. After this period, they are automatically and permanently deleted.
4.3 Account Information
We retain your account information for as long as the App is installed on your Shopify store. When you uninstall the App, we will delete all of your store data within 48 hours in compliance with Shopify's shop/redact webhook requirements.
4.4 Usage Logs
Aggregated and anonymized usage logs may be retained for up to 12 months for analytical purposes. These logs do not contain personally identifiable information.
4.5 Support Communications
Support ticket records and email correspondence are retained for 24 months after the last interaction, after which they are permanently deleted.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in Transit: All data transmitted between your browser, our servers, and the Shopify API is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Stored data, including import snapshots and account information, is encrypted using AES-256 encryption.
- Access Controls: Access to personal data is restricted to authorized personnel who require it to perform their job functions. All access is logged and audited.
- Infrastructure Security: Our infrastructure is hosted on SOC 2 Type II certified cloud providers with regular security assessments and penetration testing.
- Incident Response: We maintain a documented incident response plan. In the event of a data breach, we will notify affected merchants and Shopify promptly and take all reasonable steps to mitigate harm.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure.
6. Shopify-Specific Data Handling
6.1 Shopify API Compliance
SmartImport accesses your store data exclusively through Shopify's authenticated APIs. We comply fully with Shopify's API License and Terms of Use, including:
- Data Minimization: We only request access to the minimum data necessary to provide the App's functionality (product data and basic shop information).
- Purpose Limitation: Data accessed through Shopify APIs is used solely for the purpose of providing the import and data management features described in this policy.
- No AI/ML Training: We do not use merchant data, customer data, or any data derived from it to train artificial intelligence or machine learning models unless you provide explicit written consent.
6.2 Mandatory Privacy Compliance Webhooks
In compliance with Shopify's requirements and applicable privacy laws (including GDPR and CCPA), SmartImport implements the following mandatory webhooks:
- customers/data_request: When a customer requests access to their stored data, we process the request and provide all relevant data we hold within 30 days.
- customers/redact: When a customer requests deletion of their data, we permanently erase all associated data from our systems within 30 days.
- shop/redact: When you uninstall the App, we delete all data associated with your shop from our systems within 48 hours.
6.3 Protected Customer Data
If your import files contain protected customer data (such as names, email addresses, or physical addresses), this data is:
- Processed only in-memory during the active import session.
- Never stored on our servers beyond the active session.
- Never shared with any third party.
- Encrypted during transit and processing.
7. Your Rights and Choices
Regardless of your location, we extend the following rights to all merchants and their customers:
7.1 Right of Access
You have the right to request a copy of the personal information we hold about you. To submit a data access request, contact us at the email address listed below.
7.2 Right to Rectification
You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
7.3 Right to Erasure (Right to Be Forgotten)
You have the right to request that we delete your personal information. Upon receiving a valid deletion request, we will erase the requested data within 30 days, except where retention is required by law.
7.4 Right to Restrict Processing
You have the right to request that we limit or stop processing your personal information under certain circumstances.
7.5 Right to Data Portability
You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format.
7.6 Right to Object
You have the right to object to the processing of your personal information for direct marketing or other legitimate interest purposes.
7.7 Right to Withdraw Consent
Where we process data based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
7.8 Right to Opt-Out of Sale/Sharing
We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a clear opt-out mechanism.
To exercise any of these rights, please contact us using the information provided in Section 12.
8. International Data Transfers
SmartImport processes data in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. We ensure that appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Data Processing Agreements with all sub-processors that include adequate protections for cross-border transfers.
- Compliance with any additional requirements under Shopify's Data Processing Addendum.
9. GDPR Compliance (European Economic Area)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply:
9.1 Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide the App's services as described in our Terms of Service.
- Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the App and preventing fraud, where these interests are not overridden by your rights.
- Legal Obligation: Processing necessary to comply with applicable laws and regulations.
- Consent: Where required, we will obtain your explicit consent before processing.
9.2 Data Protection Officer
For questions about our data protection practices or to exercise your rights under the GDPR, you may contact us using the information in Section 12.
9.3 Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data is being processed unlawfully.
10. CCPA/CPRA Compliance (California Residents)
If you are a California resident, the following additional provisions apply under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
10.1 Categories of Personal Information Collected
| Category | Examples | Collected |
|----------|----------|-----------|
| Identifiers | Name, email, store URL | Yes |
| Commercial Information | Import history, subscription status | Yes |
| Internet Activity | Usage data, log data | Yes |
| Professional Information | Store name, business type | Yes |
| Sensitive Personal Information | N/A | No |
10.2 Your California Privacy Rights
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
10.3 Other US State Privacy Laws
We also comply with privacy laws in other US states, including Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), and other applicable state privacy legislation. Residents of these states may exercise similar rights as described above.
11. Children's Privacy
SmartImport is a business-to-business application designed for Shopify merchants. We do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.
12. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a data concern, please contact us:
- Email: smartimport@baruzotech.com
- Support: smartimport@baruzotech.com
- Response Time: We aim to respond to all privacy-related inquiries within 5 business days and fulfill data rights requests within 30 days.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you via email or through a notice within the App at least 30 days before the changes take effect.
- Provide you with the opportunity to review the updated policy before it becomes effective.
Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should uninstall the App.