Last updated: March 25, 2026
Smarkit Company Limited ("AB2C", "we", "us", or "our") operates the AB2C application (the "App"). This Privacy Policy explains how we collect, use, store, and protect information when you use our App, including through integrations with third-party platforms such as Shopify. We process only the minimum personal data required to provide the App's functionality.
Via Shopify APIs: When you install the App, we access the following through Shopify's APIs:
Store information: Shop name, domain, email address, timezone, country, and primary location.
Product and inventory data: Product listings, variants, stock levels, and pricing.
Order data: Order details, fulfillment status, customer shipping addresses, and transaction information.
Account credentials: OAuth access tokens issued by Shopify.
Directly from you: When you register or use the App, we may collect your name, email address, company name, and other account details you provide.
We do not collect personal information from your customers beyond what is necessary to fulfill orders on your behalf.
We use the collected information solely to:
Provide and maintain the App's core functionality (catalog sync, order management, inventory tracking, fulfillment).
Communicate with you regarding your account or service-related matters.
Improve the App's performance and reliability.
We do not use your data for advertising, profiling, automated decision-making, or any purpose unrelated to the App's functionality. The App is not directed at children under 16.
We process your data under the following legal bases (GDPR Article 6):
Contractual necessity: Processing required to provide the App's services to you (catalog sync, order management, fulfillment).
Legitimate interest: Improving the App's performance, reliability, and security.
Legal obligation: Complying with applicable laws, regulations, or legal processes.
We do not sell, rent, or share your data with third parties except:
Cloud hosting: Google Cloud Platform (GCP) — hosts and operates the App infrastructure.
Database services: PostgreSQL database hosted on GCP — stores application data.
Legal requirements: We may disclose information if required by law or in response to valid legal process.
All sub-processors process data on our behalf under data processing agreements with strict confidentiality obligations.
For customer personal data accessed through your store, you (the merchant) are the data controller and we act as a data processor on your behalf. For your own merchant account data, we are the data controller.
Our servers are located in the Asia-Southeast region (Google Cloud Platform). If you or your customers are located in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed outside these regions. We rely on Standard Contractual Clauses (SCCs) and our sub-processors' compliance frameworks to ensure adequate data protection for international transfers.
We retain your data for as long as the App is installed and your account is active. Upon uninstallation, Shopify sends us a shop data deletion request (shop/redact webhook) and we will delete or anonymize your store data within 30 days. Aggregated, non-identifiable data may be retained for analytics purposes.
We implement industry-standard security measures to protect your data, including encrypted connections (TLS/SSL), secure token storage, access controls, and HMAC signature verification for all webhook communications. In the event of a data breach, we will notify affected parties within 72 hours as required by applicable law. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.
Our App does not place cookies or tracking technologies on your customers' devices. We use standard session management for authenticated users of our platform only.
We honor data subject requests received through Shopify's compliance webhook system (customers/data_request, customers/redact) and respond within 30 days.
Under GDPR (EEA/UK residents): You have the right to access, rectification, erasure, restriction of processing, data portability, objection, and to lodge a complaint with your local supervisory authority.
Under CCPA/US state privacy laws: You have the right to know what data we collect, request deletion, and opt out of any sale or sharing of personal information. We do not sell personal information. You will not be discriminated against for exercising these rights.
You may also uninstall the App at any time, which will trigger data deletion per our retention policy. Regardless of your location, we provide the same privacy protections to all users.
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Smarkit Company Limited
Rm A, 9/F, Primoknit Industrial Building, 7-9 Kung Yip St, Kwai Hing, Hong Kong
Email: [email protected]
Website: https://www.infinite-ecommerce.com
© 2026 Smarkit Company Limited. All rights reserved.