Privacy Policy

Last updated: 19 April 2026

This policy describes how Sales & VAT Breakdown (the "app", "we", "us") handles data from your Shopify store. We built the app to help merchants produce accurate VAT and sales reports — we do not collect, sell, or share personal information beyond what is strictly required for the service to work. By installing, accessing, or otherwise using the Service, you automatically agree to this Privacy Policy and to our Terms of Service.

Who we are

The app is operated and data processing is handled by Ceeglo AB. Read more here. Contact: info@ceeglo.se.

What data we process

• Shop identifiers & access tokens — your store's .myshopify.com domain and the OAuth access token issued by Shopify. Required to read orders on your behalf.
• Merchant-entered settings — company name, VAT number, payment-gateway labels, country-region overrides, interface language preference. Used purely to populate report headers and your dashboard.
• Aggregate order data — fetched from the Shopify Admin API on demand when you run a report. We persist only aggregate snapshots (on the Pro plan) — not individual customer names, addresses, emails, or payment details.
• Operational logs — error reports and performance traces (Sentry), retained up to 30 days, no customer data.

What we do NOT store

• Customer names, emails, or addresses
• Payment card numbers or bank details
• Marketing or behavioural tracking cookies
• Any data after the app is uninstalled (see below)

Legal basis (GDPR)

Processing takes place under a contract (EU GDPR Art. 6(1)(b)) with the merchant who installed the app. Where orders include customer information, that information is processed only transiently, in memory, to compute aggregate totals — it is not retained in identifiable form.

Hosting & data location

All application and database infrastructure is hosted within the EU/EEA (primary region: Sweden).

Retention

• Sessions & access tokens — while the app is installed.
• Saved report snapshots (Pro plan only) — until you uninstall or explicitly delete them.
• Merchant settings — until you uninstall, then deleted via Shopify's shop/redact compliance webhook (within 48 hours).
• Operational logs — maximum 30 days.

What happens on uninstall

When you uninstall the app, Shopify sends a shop/redact webhook within 48 hours. On receipt, we delete all settings, saved reports, and sessions tied to your shop. Nothing is retained.

Your rights

You have the right to access, correct, delete, and restrict processing of your data. Contact info@ceeglo.se and we will respond within 30 days. If you are in the EU/EEA you may also lodge a complaint with your national data protection authority (in Sweden: Integritetsskyddsmyndigheten / IMY).

Cookies

The app uses only strictly-necessary cookies and session tokens required for the embedded Shopify admin experience. We do not use marketing, analytics, or third-party tracking cookies.

Third parties

• Shopify — the platform the app runs on.
• EU-based infrastructure providers — used for application hosting and database storage, under data processing agreements.
• Error monitoring — anonymous operational errors are captured for reliability. No customer data is transmitted.

We do not sell or share your data with any other third party for any purpose.

Changes

Material changes to this policy will be reflected in the "Last updated" date above. Substantial changes will be communicated via the app or by email where appropriate.

Contact

For any privacy-related question, GDPR request, or data concern: info@ceeglo.se.