Privacy Policy

Last updated: 2026-04-21

English

This policy describes how ShipGrid (operated by Heimegut AS, Norway) collects, uses, and stores data when you install and use the ShipGrid app on Shopify.

Data we collect

• Shop identifiers: your shop domain (e.g. example.myshopify.com) and the OAuth access token provided by Shopify when you install the app.
• Shipping configuration: carrier names, rate tables, zone definitions, surcharges, and other shipping-related settings you configure in the app.
• Shopify location metadata: location names and addresses, used to match carriers to warehouses.
• Product and collection references: product IDs, tags, and collection IDs used for tag-based and collection-based rate rules. We do not store product content (titles, images, descriptions).
• Rate request logs: when a customer reaches checkout, Shopify sends us the shipping destination postal code, item weights, and quantities. We store this request and the rates we returned, for troubleshooting. No customer name, email, or full address is collected.
• Uploaded files: Excel or CSV files you upload for carrier setup. These are parsed in memory and the structured result is stored. Raw files are not retained.

How we use data

• Calculate shipping rates at checkout based on your carrier tables.
• Provide the admin interface where you manage carriers and rates.
• Send Excel sheet content to Anthropic (Claude API) for AI-assisted parsing when you choose to use the AI upload feature. Anthropic processes the file but does not retain or train on your data under the Anthropic API terms.
• Maintain rate request logs for 90 days to help you and us diagnose checkout issues.

Data we do NOT collect

• Customer names, emails, phone numbers, or full shipping addresses.
• Payment or credit card information.
• Order contents or fulfillment data.
• Any personally identifiable information about end buyers.

Data sharing

We do not sell or rent data. We share data only with service providers required to operate the app:

• Google Cloud (Firestore, Cloud Run): hosting and storage, located in europe-west1.
• Anthropic (Claude API): only when you use the AI upload feature, and only the Excel file content.
• Shopify: we receive data from Shopify and return calculated rates. No data is sent to Shopify beyond what the Shopify APIs require.

Data retention

• Configuration data: retained as long as you have the app installed.
• Rate request logs: automatically deleted after 90 days via Firestore TTL.
• On uninstall: when you uninstall ShipGrid, we delete all your configuration, sessions, and logs within 48 hours via the app/uninstalled webhook.
• On GDPR request: Shopify forwards shop/redact requests to us 48 hours after uninstall. Upon receiving this, we immediately delete all remaining data.

Your rights (GDPR)

As a shop owner, you have the right to:

• Access the data we hold about your shop.
• Request correction or deletion.
• Withdraw consent by uninstalling the app.
• Lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority).

To exercise these rights, contact us at support@heimegut.no.

Security

Data is transmitted over TLS. Access tokens are stored in Firestore with restricted service-account access. We do not log access tokens in application logs.

Contact

Heimegut AS
Organisasjonsnummer: 929 466 551
Norway
support@heimegut.no

Norsk

Denne erklæringen beskriver hvordan ShipGrid (drevet av Heimegut AS) samler inn, bruker og lagrer data når du installerer og bruker ShipGrid-appen på Shopify.

Data vi samler inn

• Butikk-identifikatorer: butikkdomenet ditt og OAuth access token fra Shopify.
• Fraktkonfigurasjon: transportører, priser, soner og innstillinger du selv konfigurerer.
• Shopify-lokasjoner: lokasjonsnavn og adresser, brukt til å matche transportører mot lager.
• Produkt- og kolleksjonsreferanser: produkt-IDer, tags og kolleksjons-IDer for frakteregler.
• Rate-request-logg: postnummer, vekt og antall varer per fraktforespørsel fra checkout. Ingen kundenavn, e-post eller full adresse.

Vi samler IKKE

• Kundenavn, e-post, telefon eller full leveringsadresse.
• Betalings- eller kortinformasjon.
• Ordre eller produktdetaljer.

Oppbevaring

• Konfigurasjonsdata: så lenge appen er installert.
• Rate-logger: slettes automatisk etter 90 dager.
• Ved avinstallering: all data slettes innen 48 timer via app/uninstalled-webhook.

Rettigheter (GDPR)

Du kan be om innsyn, korrigering eller sletting av data ved å kontakte support@heimegut.no. Du kan også klage til Datatilsynet.

Kontakt

Heimegut AS, Norge. Organisasjonsnummer: 929 466 551. support@heimegut.no