Privacy Policy

Last updated: January 25, 2026

1. Data Controller

Company Name: Rafał Stybliński

VAT/Tax ID: PL9691497521

Address: ul. Zwycięstwa 14/105, 44-100 Gliwice, Poland

Contact Email: contact@rafalstyblinski.pl

💼 B2B Service with B2C Privacy Protection:

The Service is intended for business use (B2B). While we primarily provide the App to merchants (businesses), this Privacy Policy applies to all natural persons whose data we may process in connection with the Service.

2. Data We Collect

The UK-EU Customs Calculator for Shopify collects the following data:

From Shopify API (merchant data):

  • Shopify store domain: e.g. example.myshopify.com
  • Store owner email: used for communication and technical support
  • Shop ID: unique identifier in Shopify
  • Product data: cart contents (product values), product weights (if available)
  • Subscription plan: Free or Pro (for billing)

Calculation logs (anonymous):

  • Date and time of calculation
  • Product value (in GBP and EUR)
  • Destination country (country code, e.g. "PL", "DE")
  • HS category used for calculations
  • Calculated amounts: duty, VAT, handling fee
  • User Agent (end customer's browser) - for debugging only

✅ IMPORTANT - End customer data:

We DO NOT collect personal data of end customers (buyers in the store). We do not have access to customer names, email addresses, or shipping addresses.

3. Data Storage Location

Data is stored in a Supabase (PostgreSQL) database.

Server region: Ireland, EU (eu-west-1)

GDPR compliant: ✅ YES (data does not leave the European Union)

Encryption: SSL/TLS connections, data in transit and at rest

Backups: Automatic daily backups (Supabase Pro Plan)

4. Legal Basis for Data Processing (GDPR)

📋 GDPR Article 6(1):

The legal basis for processing your data is:

  • Art. 6(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party (providing the customs calculation service to you as a merchant)
  • Art. 6(1)(c) GDPR: Processing is necessary for compliance with a legal obligation (GDPR webhooks, tax records)

5. Purpose of Data Processing

We collect data exclusively for:

  • Service provision: Calculating duties and VAT for store customers
  • Billing: Managing subscription plan (Free vs Pro)
  • Technical support: Diagnosing errors and helping users
  • Statistics: Aggregated data (e.g., most popular product categories) - without the ability to identify specific users
  • Legal compliance: Fulfilling GDPR obligations (webhooks)

6. GDPR - Your Rights

Under GDPR, as a merchant (Shopify store owner) you have the right to:

  • Right of access: Request a copy of your data (implemented via webhook customers/data_request)
  • Right to erasure ("right to be forgotten"): Request deletion of your data (implemented via webhook shop/redact)
  • Right to rectification: Correct inaccurate data (possible through admin panel)
  • Right to data portability: Export data in JSON/CSV format
  • Right to restriction of processing: Deactivate the app in Shopify panel

7. Sharing Data with Third Parties

We DO NOT sell or share personal data with third parties for marketing purposes.

Data may only be shared with:

  • Accounting and Tax Services: We share data necessary for tax and accounting compliance with ifirma.pl (accounting software provider) and our professional accounting office.
  • Shopify International Limited: as our billing agent for processing all subscription payments.
  • Supabase: as our database infrastructure provider (located in Ireland, EU). Data Processing Agreement (DPA) in place.
  • Government authorities: only upon receipt of a valid court order

8. Cookies and Tracking

The App DOES NOT use tracking cookies for marketing purposes.

We only use:

  • Session cookies: For Shopify OAuth authentication (technically necessary)
  • Analytics (optional): Vercel Analytics (anonymous traffic statistics) - can be disabled

9. Data Retention Period

  • Store data (Shop): Until app uninstallation + 30 days (in case of restoration)
  • Calculation logs: 12 months, then automatic deletion
  • Financial data (subscription): 7 years (accounting requirement)

10. Contact for Privacy Matters

If you have questions regarding personal data processing or wish to exercise your GDPR rights, please contact:

Email: contact@rafalstyblinski.pl

Contact form: /contact

Response time: Up to 30 days (in accordance with GDPR)

💡 For Merchants (Shopify Merchants):

Remember that as a Shopify store owner, YOU are the data controller for your end customers. This Privacy Policy only applies to data collected by the UK-EU Customs Calculator app. You must also have your own privacy policy for your store.

← Back to Home