Privacy Policy

Company & Contact Information

Entity: 2690292 Ontario Inc. (operating as Dash Checkout, DC Order Limits)

Primary Contact: hello@dashcheckout.io

Data Protection Officer: data@dashcheckout.io

Physical Address: 5345 Bullrush Drive, Mississauga, Ontario L5V1Z2, Canada

1. About Our App

Dash Checkout (also known as DC Order Limits) is a Shopify app that enables merchants to set purchase limits on their products. This privacy policy explains how we handle data in connection with our app.

2. Our Privacy-First Commitment

We believe in radical transparency about data practices. Here is exactly what we do and do not do with customer data:

What We DO NOT Do

• No Personal Data Storage: We do not store customer names, email addresses, physical addresses, phone numbers, or any other personal information in our database.
• No Third-Party Data Sharing: Customer data is never shared with, sold to, or accessed by any third-party services, analytics platforms, or marketing tools.
• No AI/ML Training: Customer data is never used to train artificial intelligence models, machine learning systems, or any automated decision-making systems.
• No Data Monetization: We do not monetize, analyze, or derive insights from customer data beyond enforcing the purchase limits merchants configure.

What We DO

• In-Transit Processing Only: When a customer places an order, we access their Shopify customer ID through Shopify's API solely to check against merchant-configured purchase limits. This data is processed in transit and not retained.
• Minimal Data Storage: We store only the unique Shopify customer ID (a numeric identifier) linked to purchase limit records. This ID alone cannot identify a person without access to the merchant's Shopify store.
• Automatic Deletion: All stored data is automatically deleted when a merchant uninstalls our app.

3. Information We Collect

Merchant Information

When merchants install our app, we collect and store:

• Shop domain
• Locale preferences

This information is used solely to provide app functionality and is not shared with third parties.

Customer Data Access

To enforce purchase limits, our app accesses customer data through Shopify's API. This includes read access to customer information such as customer IDs and purchase history. This access is necessary to track and enforce the purchase limits configured by merchants.

What We Store: We store only Shopify customer IDs to track purchase limits. We do NOT permanently store personal customer information such as names, email addresses, physical addresses, or payment details. The customer IDs are used exclusively to enforce purchase limits as configured by merchants.

Payment Information

All payment processing for app subscriptions is handled by Shopify. We do not store or process payment information directly. Please reference Shopify's privacy policy for payment processing details.

4. How We Use Information

We use collected information solely for:

• Providing and maintaining app functionality
• Enforcing purchase limits as configured by merchants
• Customer support when requested
• Service improvements and bug fixes

5. Information Sharing

We do NOT sell, rent, or share data with third parties for marketing or advertising purposes.

We may disclose information only when:

• Required by law or legal process
• Necessary to protect our rights or safety
• In connection with a business transfer or acquisition (with notice to affected parties)

6. Data Retention & Deletion

We comply fully with Shopify's mandatory GDPR webhooks. When a merchant uninstalls our app:

• All associated data is automatically deleted within 48 hours
• This includes merchant information and all stored customer IDs

Merchants and customers may also request data deletion at any time by contacting us at the email addresses provided above.

7. GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) through:

• Minimal data collection (customer IDs only, no personal data)
• Automatic data deletion via Shopify's GDPR webhooks
• Clear data processing purposes
• No third-party data sharing

Users in the European Economic Area may request access, rectification, or erasure of any data we hold. Contact us at data@dashcheckout.io for any such requests.

8. Security Measures

We implement appropriate technical and organizational security measures to protect the limited data we store. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Minor Protection

Our app is intended for use by merchants and does not knowingly collect information from children under 18 years of age.

10. California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information we collect
• Request deletion of personal information
• Opt-out of sale of personal information (note: we do not sell personal information)
• Non-discrimination for exercising privacy rights

Data Sales Policy: 2690292 Ontario Inc. has not sold any personal information to third parties and does not intend to do so.

11. Policy Updates

We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated through our website or direct notification to merchants. We encourage users to review this policy periodically.

12. Limitation of Liability

To the fullest extent permitted by applicable law:

• 2690292 Ontario Inc., its affiliates, officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from or related to your use of our app or any data processing activities.
• Our total aggregate liability for any claims arising from or related to this privacy policy or our data processing activities shall not exceed the total amount of fees actually paid by you to us in the three (3) months preceding the claim.
• If you are using the Service on a free plan or have not paid any fees during the relevant period, you acknowledge that our maximum aggregate liability to you shall be zero dollars (CAD $0.00), and you accept the Service strictly "as is" with no remedy for any claims related to data processing.
• We are not responsible for the privacy practices, data security, or content of third-party services, including Shopify and any payment processors.
• We make no warranties, express or implied, regarding the security or confidentiality of any data transmitted through the internet or stored on our systems.

Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, our liability shall be limited to the maximum extent permitted by law.

13. Indemnification

You agree to indemnify, defend, and hold harmless 2690292 Ontario Inc. and its affiliates, officers, directors, employees, and agents from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to your violation of this privacy policy, your use of our app, or any breach of your representations and warranties.

14. Contact & Data Requests

For privacy inquiries, data access requests, or deletion requests, please contact us at data@dashcheckout.io. We will respond to all requests within 30 days.