Search
Close this search box

Our privacy policy

Welcome
Data Collected
Information Sharing
International Data Transfers
Children's Use of Services
Your Data Rights
Data Retention
Security Incident Response
Contact Information

Welcome to the OnionLab Privacy Policy

This Privacy Policy outlines how OnionLab collects, uses, and protects personal data, as well as the rights of our visitors, customers, and merchants regarding their data.

By using our website, apps, or services, you agree to the terms in this Privacy Policy and any other policies on our website. If you do not agree, please discontinue use immediately.

We may update this Privacy Policy periodically to reflect changes in our practices or for legal reasons. Major updates will be communicated on our website. Continued use of our services after any updates indicates acceptance of the revised terms.

Data Collected from Merchants

When you install our apps, we may access specific information from your Shopify account to provide our services, such as identity verification, customer support, and marketing content.

Data Collected from Merchant’s Customers

To improve our services and support merchants, we collect customer data stored in your Shopify Admin, such as first names, last names, and email addresses.

Data Collected from Website Visitors

We collect data about your device, such as web browser type, IP address, time zone, and cookies. We use:

  • Cookies: Small data files on your device, often including an anonymous identifier.
  • Log Files: Records of site activity, including IP addresses and browser types.
  • Web Beacons, Tags, and Pixels: Electronic files that track browsing behavior.

Information Sharing

We share your data with third parties to support our services:

  • Google Analytics: For understanding website and app usage.
  • CustomerIO: For email marketing.
  • Freshdesk: For customer support.

We may also share data to comply with legal obligations or to protect our rights. In the event of a business acquisition, your data may be transferred to new owners.

International Data Transfers

OnionLab processes personal data on servers located in the U.S. By using our services, you consent to this transfer, regardless of your location.

Children’s Use of OnionLab Services

OnionLab is not intended for children under 18. Children under 18 may use our services only with parental or guardian supervision.

Your Data Rights

You have rights regarding your personal data, including access, correction, deletion, and limiting its use. Merchants can contact us at [email protected] to exercise these rights. Verification may be required.

If you are a customer of a merchant, please contact the merchant directly for data requests.

Data Retention

For questions about your data or to request data deletion after uninstalling an app, email [email protected]. Data will be deleted within 48 hours of uninstallation.

Security Incident Response Policy

This policy outlines how we detect, report, and respond to security incidents to minimize their impact on our business.

Incident Severity Level

  • Low: Minor impact, resolved quickly.
  • Moderate: Noticeable impact, needs immediate attention.
  • High: Severe impact, urgent action required.


Roles and Responsibilities

  • Incident Response Team (IRT): Handles security incidents.
  • Incident Coordinator: Manages the incident response.
  • IT/Security Staff: Detects and addresses incidents.

 

Incident Escalation

  • Level 1: Minor incidents are resolved by the IRT without escalation.
  • Level 2: Moderate incidents are escalated to the Incident Coordinator.
  • Level 3: Severe incidents are escalated to senior management.

 

Evidence Collection and Incident Investigation

Relevant data will be preserved and analyzed to understand the incident’s cause and impact.

Contact Information

For any questions about this Privacy Policy or your data, contact us at [email protected].

Last updated: 01 Sep 2024