Privacy Policy

Data We Collect and Process

1. Merchant Business Information

What we collect:

• Your Shopify store domain and access credentials
• Greek tax credentials (myDATA user ID and API subscription key)
• Business tax information: VAT number (ΑΦΜ), registered company name, business address, city, and postal code
• Optional company logo for branded delivery note PDFs
• App settings and preferences

Why we collect it:

• To authenticate your Shopify store and access order data
• To submit delivery notes to the Greek tax authority (AADE) on your behalf
• To generate legally compliant delivery notes with your business information as the issuer
• To manage your subscription and billing

Storage location: Supabase database (secure cloud storage with encryption)

2. Customer Personal Data

What we collect from your Shopify orders:

• Customer first and last name
• Shipping address (street address, city, postal code, country)
• Order details (product names, quantities, SKUs, prices, order numbers)

Why we collect it:

• Legal requirement: Greek tax law requires delivery notes to include recipient (customer) name and delivery address
• To submit legally compliant delivery notes to the Greek myDATA system
• To generate PDF copies of delivery notes for your records
• To maintain an audit trail of all tax submissions

Important notes:

• We do NOT collect customer email addresses or phone numbers
• We do NOT collect payment information or credit card details
• Customer data is only accessed when you explicitly submit a delivery note for an order

3. Subscription and Billing Data

What we collect:

• Subscription status (trial, active, cancelled, expired)
• Billing cycle dates (start and end of each 30-day period)
• Shopify recurring charge ID
• Submission usage counts (number of delivery notes submitted)

Why we collect it:

• To manage your 7-day free trial and paid subscription
• To track submission quota (100 submissions per month on paid plan)
• To enforce usage limits and billing

Data Sharing and Third Parties

1. Greek Tax Authority (AADE - myDATA API)

Legal requirement: Greek tax law mandates electronic submission of delivery notes to myDATA. This is the core purpose of the app - automating your legal tax compliance obligations.

What we share:

• Your business information (VAT number, company name, address)
• Customer names and shipping addresses
• Order line item details (product names, quantities, SKUs)

Data Retention

Active merchants: All data is retained indefinitely while your app is installed. Submission history is maintained as a permanent tax audit trail.

Uninstalled app: When you uninstall the app, your account is marked as “uninstalled” (soft delete). Your data is NOT automatically deleted - it is retained for legal and audit purposes.

Data Security

• All data stored in Supabase with Row Level Security (RLS) enabled
• Access restricted to service role only (no public access)
• HTTPS/TLS encryption for all data in transit
• Shopify access tokens stored securely, never exposed in logs
• myDATA API credentials encrypted at rest

Your Rights

Under GDPR and Greek data protection law, you have the right to:

• Access your data - view all data we store about you
• Rectification - correct inaccurate data
• Erasure - request deletion of your data (subject to legal retention requirements)
• Data portability - receive your data in a portable format
• Object to processing - in certain circumstances

Legal Basis for Processing

We process personal data under the following legal bases:

1. Contract performance - To provide the myDATA submission service you subscribed to
2. Legal obligation - To comply with Greek tax law requiring delivery note submissions
3. Legitimate interests - To maintain audit trails, prevent fraud, and provide customer support

Contact

For questions about this Privacy Policy or to exercise your data rights, please contact us at: support@mydatacomply.gr

---

Last updated: January 2026