Information collected from Merchants
When you install any app, we are automatically able to access certain types of information from your Shopify account: You can see the details here. We collect this information to provide you with our services; for example, to confirm your identity, contact you, provide customer support when you contact us, provide you with advertising and marketing.
Information collected from Merchants’ customers
For us to be able to provide you with our services and support, for you to better serve your customers, and to improve our services, in some apps we collect information about your customers. Here are the details:
- LAI Product Reviews: We collect your customers' name and email for analytics and automated email marketing feature. If customers choose to submit a review on the Merchant’s website, we will collect any information customers choose to provide within such review, including: photos, rating, review text, and comments to the review.
- Product Labels: No customer personal information will be collected.
Information collected when you visit our Website
When you visit our website, we collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies installed on your device. We collect the information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, including how to disable them, visit allaboutcookies.org.
- “Log files” track actions occurring on the site, and collect data such as your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the site.
How we share information
We share your Personal Information with the following third parties to help us conduct our business and support our customers.
- We use Google Analytics to help us understand how our customers use our website, our apps. You can read more about how Google uses your Personal Information at https://policies.google.com/privacy?hl=en. You can also opt-out of Google Analytics at https://tools.google.com/dlpage/gaoptout.
- We use CustomerIO for email marketing and to maintain our customer lists. You can read more about how CustomerIO uses your Personal Information at https://customer.io/legal/privacy-policy/.
- We use Freshdesk to communicate with you and provide customer support when you contact us. You can read more about how Freshdesk uses your Personal Information at https://www.freshworks.com/privacy/.
- We may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful requests for any information we receive, or to otherwise protect our rights.
- We may use your Personal Information to provide you with targeted advertisements or marketing communications we believe could be of interest to you. You can opt out of Facebook and Google targeted advertising at facebook.com/settings/?tab=ads and google.com/settings/ads/anonymous.
- Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our home page.
Smartify Apps processes and stores personal information using our server(s) based in the United States.
Use of Smartify Apps by Children
Smartify Apps is not intended for children. If you are under 13, you may use the site and services only with the supervision of your parents or guardian.
When importing or submitting reviews using LAI, you agree to the following conditions:
- You must make sure that you have the right to use all information that you import or submit.
- LAI has the right but not the obligation to remove any activity or content if you no longer have the rights required by the 1st term.
- You acknowledge and agree that we are not and will not be held liable or responsible, directly or indirectly, if any legal violation happened by not following our terms and conditions.
- You grant us the right to use all information you import to LAI, and you must make sure that you own or otherwise control all of the rights to all this information.
- We encourage the authenticity of all information you import, submit and use on your store. Hence we encourage you to import and submit only real reviews from real people.
Reviews edit policy
When using the Edit review feature, you must ensure the source and transparency of the review and ensure that edits will not change the original meaning of the review. The following are accepted:
- Correcting typos or grammatical errors.
- Translating review to another language.
- Updating reviews' information as requested by reviewers.
Smartify Apps understands that you have rights over your personal information, and takes reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your personal information. If you are a merchant and wish to exercise these rights, please contact us through firstname.lastname@example.org. We may require that you provide us with acceptable verification of your identity before providing access to such information.
If you are a merchant’s customer and wish to exercise these rights, please contact the merchants you interacted with directly — we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.
Your personal data and the store's data will be deleted 30 days after the app is uninstalled. If you wish to make a request to have your data removed immediately, either as a merchant of the platform or a buyer from a store, please contact us through email@example.com. We may require that you provide us with acceptable verification of your identity before providing access to such information.
Security incident response policy
The purpose of this policy is to provide a structured approach for detecting, reporting, assessing, and responding to security incidents in order to minimize the impact of incidents on the businesses' operations, reputation, and assets.
Incident severity scales
- Level 1 (Low): Incidents that have minor impact and can be resolved quickly without causing significant damage.
- Level 2 (Moderate): Incidents that have a noticeable impact on the organization and require immediate attention to avoid further damage.
- Level 3 (High): Incidents that have a severe impact on the organization's operations and require immediate action to contain and resolve the incident.
Roles and responsibilities
- Incident Response Team (IRT): The team responsible for responding to security incidents, consisting of IT staff, security personnel, and any other relevant stakeholders.
- Incident Coordinator: The individual responsible for managing the incident response process, including coordinating with the IRT and other stakeholders, assessing the severity of the incident, and ensuring that the response is effective.
- IT/Security Staff: Responsible for identifying, investigating, and resolving security incidents.
- Incident Reporting: All incidents must be reported to the Incident Response Team (IRT) as soon as they are identified. This can be done through a dedicated incident reporting system, an email address, or a phone number. The incident report should include a description of the incident, the impact it is having on the organization, and any relevant evidence.
- Initial Assessment:The IRT will conduct an initial assessment of the incident to determine its severity and impact. Based on this assessment, the IRT may decide to escalate the incident to a higher level.
- Level 1 Escalation: For low-level incidents, the IRT may be able to resolve the incident without escalating it further. This may involve implementing temporary fixes, applying security patches, or updating security policies.
- Level 2 Escalation: For moderate-level incidents, the IRT will escalate the incident to the Incident Coordinator. The Incident Coordinator will assess the incident and determine the appropriate response, which may involve involving additional resources or experts. The Incident Coordinator will also communicate with relevant stakeholders, such as management and legal, to keep them informed of the incident and any response actions.
- Level 3 Escalation: For high-level incidents, the IRT will escalate the incident to senior management or executive leadership. This may involve activating the organization's emergency response plan or bringing in outside experts or consultants to assist with the response. The Incident Coordinator will continue to coordinate the response, but with additional oversight from senior management or executive leadership.
As soon as an incident is detected or reported, all relevant systems, devices, and logs will be preserved to prevent any further modifications or deletions of data. This includes collecting and preserving electronic data, such as system logs, network traffic, and application data.
- Incident Identification: All employees will be trained to identify and report any security incidents as soon as they are detected. This includes reporting any suspicious activities, unauthorized access, data breaches, malware infections, and other security-related incidents.
- Incident Categorization: The IRT will conduct an initial assessment of the incident to determine its severity and impact. The incident will be categorized based on a predefined severity scale to determine the appropriate level of response.
- Incident Containment: The IRT will take immediate action to contain the incident to prevent further damage or loss of data. This may involve isolating affected systems, disabling network connections, or shutting down affected services.
- Incident Analysis: The IRT will analyze the incident to determine the root cause and identify any indicators of compromise. This may involve collecting and analyzing system logs, network traffic, and other relevant data.
- Incident Response: The IRT will develop a response plan based on the severity of the incident and the impact it is having on the organization. The response plan should include clear procedures for communication, coordination, and collaboration among the IRT members and other relevant stakeholders.
- Incident Recovery: The IRT will work to restore normal operations as soon as possible while ensuring the security of the systems and data. This may involve restoring from backups, patching vulnerabilities, or rebuilding systems.
- Incident Review: After the incident has been resolved, the IRT will conduct a post-incident review to identify any lessons learned or areas for improvement. This review will be used to update the organization's security incident response policy and procedures to better prepare for future incidents.