Dunly Labs (“Dunly”, “we”, “us”) provides an accounts-receivable application for Shopify. This Privacy Policy explains what data we process when you install and use Dunly, and your rights.
1. Information we process
When you install Dunly on your Shopify store, we access and store — through Shopify’s APIs and webhooks — only the data needed to provide accounts-receivable functionality:
- Order and draft-order data: order numbers, amounts, currencies, financial status, payment terms, due dates and outstanding balances.
- Customer data: customer name and email address, used to identify who owes a balance and to send statements and payment reminders, plus any credit limit you choose to set for a customer.
- Shop data: your store domain and business name.
We do not collect or store payment card numbers, bank credentials, or end-customer passwords.
2. How we use the data
We use this data solely to build your receivables ledger; calculate balances and aging; generate account statements; send payment-reminder emails on your behalf; record payments; and keep your data in sync with Shopify. We do not sell your data or your customers’ data, and we do not use it for advertising.
3. Where data is stored / subprocessors
Data is stored in a managed PostgreSQL database and processed by the following subprocessors:
- Shopify — platform and data source
- Railway — application hosting and managed PostgreSQL database
- Resend — sending reminder emails
All data is encrypted in transit (TLS) and at rest.
4. Data retention & deletion
We retain your data only while Dunly is installed. When you uninstall the app, we delete your store’s data in line with Shopify’s mandatory compliance webhooks (typically within 48 hours of the shop/redact request). We also honor customers/redact requests by erasing the relevant customer data, and customers/data_request requests by making the requested data available to the merchant through our support contact.
5. Your rights (GDPR / CCPA)
You and your customers may request access to, correction of, or deletion of personal data we process. Contact us at firsatkara@gmail.com and we will respond within the time required by applicable law.
6. Security
We follow industry-standard practices: encrypted connections, encrypted storage, least-privilege access, and access limited to authorized personnel.
7. Changes
We may update this policy; material changes will be posted here with a new “Last updated” date.
8. Contact
Dunly Labs — firsatkara@gmail.com