Privacy Policy
This Privacy Policy describes how Dostavi.bg (“we”, “us”, “our”) collects, uses, stores, and deletes information when merchants install and use our Shopify embedded application (“the App”).
1. Who we are
Dostavi.bg is a Shopify app for delivery configuration, pre-checkout delivery selection, checkout shipping alignment, and carrier label generation.
Questions about this policy: support@adfeedstudio.com
2. Information we collect
When you install or use the App, we may process:
-
Shop and account identifiers — your
*.myshopify.comdomain, Shopify shop ID, and OAuth access tokens required to call the Shopify Admin API on your behalf. - App configuration — carrier connection settings, shipping rate mappings, delivery profiles, billing/plan state, theme and checkout customization settings, and other options you save in the admin.
- Order and fulfillment data — Shopify order IDs, order numbers, line items, weights, shipping lines, fulfillment status, and related fields received via Shopify APIs and webhooks.
- Buyer delivery information — names, phone numbers, email addresses, shipping addresses, selected office or locker points, delivery type, carrier choice, payment method selection (for example card or cash on delivery), and cart/checkout attributes written by the App during the delivery flow. This data is needed to quote shipping, prefill checkout where supported, generate labels, and submit shipments to carriers.
- Carrier integration data — API credentials and shipment/label payloads you authorize us to send to courier partners (such as Econt, Speedy, or BoxNow) when you create or sync labels.
-
Storefront session data (buyer device) — the theme
extension may store non-sensitive preferences (for example last
selected destination country or in-progress address fields) in the
buyer’s browser
sessionStorageuntil the tab session ends. This stays on the buyer’s device and is not sent to us as a separate database record except when included in cart or order data you submit to Shopify. - Operational logs — request, webhook, job, and error logs (shop domain, order IDs, timestamps) for reliability, security, and support. Logs are not used for advertising.
3. Information we do not collect
- Payment card numbers — subscription and checkout payments are handled by Shopify; we do not process card data.
- Buyer passwords or Shopify account credentials for your staff or customers.
4. How we use information
We use the information above solely to:
- Provide, operate, and improve the App’s delivery and label features;
- Quote shipping and align checkout options with the buyer’s selection;
- Create and track carrier labels and fulfillment events you request;
- Enforce plan limits and billing through Shopify;
- Respond to support requests and fix errors;
- Comply with legal obligations and Shopify platform requirements.
We do not sell merchant or buyer personal data for advertising.
5. Legal bases (EEA/UK merchants)
Where applicable, we process data to perform our contract with you (providing the App), based on your instructions as data controller for buyer order and delivery data, and where necessary for legitimate interests in securing and improving the service.
6. Sharing and subprocessors
We may share data only as needed to run the App:
- Shopify — platform APIs, authentication, billing, checkout, and webhooks.
- Courier partners — when you connect a carrier and create or sync shipments/labels (for example Econt, Speedy, BoxNow).
- Infrastructure providers — hosting, database, queue, and backup services that store encrypted data at rest on servers we operate or contract.
We require subprocessors to protect data consistent with this policy and applicable law.
7. Retention and deletion
- Data is retained while the App is installed and as needed to provide the service.
- When you uninstall the App, we mark your shop as uninstalled and stop routine processing.
-
Shopify sends mandatory GDPR webhooks (
customers/data_request,customers/redact,shop/redact). We export or delete buyer personal data on orders we store when required by those webhooks. -
After
shop/redact, we delete remaining shop-level data from our systems, including tenant records, configuration, and associated order copies, within the timeframe required by Shopify’s partner policies. - Backups may persist for a limited period before automatic purge.
8. Security
We use HTTPS/TLS for data in transit, access controls on production systems, and Shopify’s required webhook HMAC verification. Carrier credentials are stored encrypted or otherwise protected at the application layer. No method of transmission or storage is 100% secure; contact us if you suspect unauthorized access.
9. Your rights and Shopify GDPR webhooks
Merchants may request access, correction, or deletion of shop-level data by contacting support@adfeedstudio.com or uninstalling the App (which triggers Shopify’s redaction flow).
Where we store buyer personal data on your orders, we respond to Shopify
customers/data_request and customers/redact
webhooks as required. You remain responsible for your privacy obligations
to your customers under applicable law.
10. International transfers
If you access the App from outside the country where our servers are located, your information may be transferred internationally. We take steps to ensure appropriate safeguards where required by law.
11. Changes to this policy
We may update this page from time to time. The “Effective date” above will change when we do. Continued use of the App after an update means you accept the revised policy.
12. Contact
Email:
support@adfeedstudio.com
Policy:
https://dostavi.bg/privacy-policy
App:
https://delivery-prd.adfeedstudio.com