← Back to Home

Privacy Policy

Last Updated: November 2024

At Nomad Flows, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application for post-purchase shipment tracking and email automation.

By using Nomad Flows, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Customer Data (from Shopify Orders)

When merchants use our app, we collect the following customer information from fulfilled orders:

  • Customer Name - To personalize tracking notifications
  • Customer Email - To send shipment status updates via Klaviyo
  • Order ID - To link shipments to orders
  • Tracking Number - To monitor shipment status

Merchant Data

We collect the following information from merchants who install our app:

  • Store Domain - To identify your Shopify store
  • Access Token - For secure API authentication
  • Email Address - For account management and support

Data We Do NOT Collect

  • Credit card or payment information
  • Social security numbers or government IDs
  • Shipping addresses (only tracking numbers)
  • Phone numbers
  • Passwords (managed by Supabase Auth)
  • Browsing behavior or analytics on customers

How We Use Your Information

We use the collected information solely for the following purposes:

  • Shipment Tracking - Monitor package status across 150+ carriers
  • Email Notifications - Send branded tracking updates through Klaviyo
  • Customer Service - Help merchants resolve delivery issues
  • Service Improvement - Analyze delivery patterns to improve our service

We do NOT sell, rent, or trade your data. We do NOT use customer data for advertising or marketing purposes beyond transactional shipment notifications.

Third-Party Services

We work with the following trusted service providers to deliver our service:

Shopify

Order data source and app platform

SOC 2 & GDPR Compliant

TrackingMore

Shipment tracking across 150+ carriers

GDPR Compliant

Klaviyo

Email delivery for tracking notifications

SOC 2 & GDPR Compliant

Supabase

Secure database hosting

SOC 2 & GDPR Compliant

Vercel

Application hosting

SOC 2 & ISO 27001

We have Data Processing Agreements (DPAs) with all service providers that include GDPR compliance clauses, security requirements, and data deletion obligations.

Data Security

We implement industry-standard security measures to protect your data:

🔐

Encryption at Rest

All data encrypted with AES-256

🔒

Encryption in Transit

TLS 1.2+ for all connections

🛡️

Row Level Security

Merchants can only access their own data

HMAC Validation

All webhooks verified for authenticity

Data Retention

We retain data only as long as necessary to provide our services:

Data TypeRetention Period
Shipment Data90 days after delivery
Customer Information90 days after order completion
Webhook Logs90 days
Merchant Account DataAccount lifetime + 30 days after deletion

When a merchant uninstalls the app, we retain their data for a 30-day grace period, after which all data is permanently deleted.

Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your personal data

Right to Portability

Receive your data in a standard format (JSON)

Right to Object

Opt-out of tracking emails via unsubscribe links

Right to Non-Discrimination

Exercise your rights without penalty (CCPA)

To exercise any of these rights, please contact us at contact@shipnomad.com. We will respond within 30 days.

Cookies

We use essential cookies only for authentication and session management. These cookies are necessary for the app to function and cannot be disabled.

  • Authentication Cookies - HTTP-only, secure cookies for login sessions
  • Session Cookies - Temporary cookies that expire when you close your browser

We do NOT use tracking cookies, advertising cookies, or third-party analytics cookies.

Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of any material changes by posting the new policy on this page and updating the "Last Updated" date.

Continued use of our service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: contact@shipnomad.com

Company: Nomad Flows (NomadFlows)

Developer: Bekzod Usmanov

Location: United States

Response Time: Within 48 hours

Compliance

GDPR Compliant
CCPA Compliant
Shopify Data Protection