Privacy Policy

1. Introduction

Banalabs ("we", "our", or "us") operates the website banalabs.xyz and provides Shopify applications including InvoiceSafe (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

2.1 Website Information

When you visit our website, we may collect:

• Contact information you provide through forms (name, email address, company name, message content)
• Usage data (IP address, browser type, device information, pages visited, time spent on pages)
• Cookies and similar tracking technologies

2.2 Shopify App Information (InvoiceSafe)

When you install and use our Shopify applications, we collect and process:

• Store information (shop domain, store name, email address, contact details)
• Order data (order details, customer information, billing addresses, shipping addresses)
• Product data (product names, SKUs, prices, tax information)
• Refund and transaction data
• App configuration settings (branding preferences, language settings, customization options)
• Authentication and access tokens to interact with your Shopify store

3. How We Use Your Information

3.1 Website

• Responding to your inquiries and providing customer support
• Analyzing website usage to improve our services
• Sending marketing communications (only with your consent)
• Complying with legal obligations

3.2 Shopify Applications

• Providing core app functionality (generating invoices, credit notes, and other documents)
• Customizing documents according to your branding preferences
• Ensuring legal compliance with EU tax and invoicing requirements
• Maintaining document archives for your administrative access
• Processing refunds and generating corresponding credit notes
• Providing technical support and troubleshooting
• Improving and developing new features
• Detecting and preventing fraud or abuse

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We may share data with third-party service providers who perform services on our behalf (hosting, analytics, customer support). These providers are contractually obligated to protect your data.
• Shopify: Our Shopify applications operate within the Shopify ecosystem and exchange data with Shopify's platform as necessary to provide services.
• Legal Requirements: We may disclose your information if required by law, court order, or governmental regulation.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
• Your Customers: For InvoiceSafe, we generate and deliver invoices and credit notes to your customers on your behalf, which includes their order and billing information.

5. Data Retention

We retain your information for as long as necessary to provide our Services and comply with legal obligations:

• Website data: Contact form submissions are retained for 2 years or until you request deletion.
• Shopify app data: Order and invoice data is retained according to EU legal archival requirements (typically 10 years for tax purposes). You can request earlier deletion subject to legal constraints.
• Usage logs: Analytics and usage data are retained for up to 2 years.

When you uninstall a Shopify app, we delete your access tokens immediately. Historical data may be retained according to legal requirements.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Secure data storage with reputable cloud providers
• Employee training on data protection practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete data.
• Right to Erasure: You can request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: You can request that we limit how we use your data.
• Right to Data Portability: You can request a copy of your data in a machine-readable format.
• Right to Object: You can object to certain types of processing, such as direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us at hello@banalabs.xyz. We will respond within 30 days.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve user experience and analyze usage:

• Essential Cookies: Required for website functionality (session management, security).
• Analytics Cookies: Help us understand how visitors use our website (Google Analytics or similar).
• Preference Cookies: Remember your settings and preferences.

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

9. Third-Party Services

Our Services may integrate with or link to third-party services:

• Shopify: Our apps operate on the Shopify platform. See Shopify's Privacy Policy for their data practices.
• Hosting Providers: We use secure cloud hosting services to store and process data.
• Analytics Services: We may use analytics tools to understand service usage.
• Payment Processors: App billing is handled through Shopify's billing system.

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for data transfers to approved countries
• Compliance with applicable data protection frameworks

11. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Updating the "Last updated" date at the top of this policy
• Posting a notice on our website
• Sending an email to registered users (for significant changes)

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: