Privacy Policy

ZIM Wholesale Pricing Tiers — Last updated: February 2026

1. Data Controller

This Privacy Policy applies to the Shopify application ZIM Wholesale Pricing Tiers, developed and operated by:

ZIM Solutions
Email: zim.admin@zimeprsolutions.com

ZIM Solutions acts as the data controller for the purposes of the EU General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Information We Collect

The App collects only the minimum data required to operate:

Shopify authentication data — your shop domain and OAuth access token, used exclusively to read and write product metafields and manage discounts on your behalf.
FTP connection settings — host, port, username, password, remote path, and file pattern, used to connect to your FTP server for automated CSV imports. Passwords are stored encrypted using AES-256-GCM. We encourage merchants to use FTPS (FTP over TLS) to protect data in transit; the App supports FTPS via configuration.
Pricing tier configuration — variant IDs, quantity thresholds, discount values, and tier names uploaded via CSV or imported from your FTP server.

3. Information We Do Not Collect

The App does not collect, store, or process any data belonging to your store’s customers — including names, email addresses, order history, payment information, or any other personally identifiable information relating to end consumers.

The App does not use cookies, tracking pixels, analytics scripts, or any session storage beyond what Shopify’s embedded app authentication requires.

4. Legal Basis for Processing (GDPR)

We process your data under the following lawful bases:

Data	Legal Basis
Shopify access token and shop domain	Contractual necessity — required to provide the service you installed
FTP credentials	Contractual necessity — required to perform automated FTP imports you configured
Pricing tier data	Contractual necessity — core function of the App

5. How We Use Your Information

To authenticate your Shopify store and make authorised API calls on your behalf.
To connect to your FTP server and automatically import pricing CSV files on your configured schedule.
To write pricing tier data to product metafields in your Shopify store.
To create and manage automatic discount rules in your Shopify store.

We do not sell, rent, share, or use your data for advertising or profiling purposes.

6. Third-Party Sub-processors

The App is hosted on infrastructure operated directly by ZIM Solutions. We do not use third-party cloud platforms (such as AWS, GCP, or Heroku) to store or process your data. All data remains on ZIM Solutions’ own servers.

The App integrates with the Shopify Admin API solely to perform actions on your behalf within your own store. Shopify’s own privacy practices are governed by Shopify’s Privacy Policy.

7. Data Storage and Security

All data is stored on secure servers managed by ZIM Solutions. FTP passwords are encrypted at rest using AES-256-GCM. Shopify access tokens are stored securely and used exclusively for authorised operations within your store. Access to stored data is restricted to authorised personnel only.

8. International Data Transfers

If you are located in the European Economic Area (EEA) and your data is processed or stored outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including Standard Contractual Clauses (SCCs) where applicable. For enquiries about international transfers, contact us at zim.admin@zimeprsolutions.com.

9. Data Retention and Deletion

All data associated with your store — including session tokens, FTP settings, and pricing configurations — is permanently deleted within 48 hours of you uninstalling the App. You may also contact us at any time to request immediate deletion of your data.

10. Your Rights Under GDPR

If you are located in the EU/EEA, you have the right to:

Access — request a copy of the data we hold about you.
Rectification — request correction of inaccurate data.
Erasure — request deletion of your data.
Restriction — request that we limit processing of your data.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests.

To exercise any of these rights, contact zim.admin@zimeprsolutions.com. You also have the right to lodge a complaint with your local data protection authority.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know — request disclosure of the personal information we collect and how it is used.
Right to Delete — request deletion of personal information we hold about you.
Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights.
Right to Correct — request correction of inaccurate personal information.

We do not sell personal information. To submit a request, contact zim.admin@zimeprsolutions.com.

12. GDPR Webhook Compliance

The App implements all mandatory Shopify GDPR webhooks. Since no end-customer data is stored, customer data request and deletion webhooks are acknowledged with confirmation that no customer data is held. Shop data deletion requests result in complete and permanent removal of all associated merchant data within 48 hours.

13. Changes to This Policy

We may update this policy from time to time. Changes will be posted at this URL with an updated date. Continued use of the App after changes are posted constitutes acceptance of the updated policy.

14. Contact / Data Protection Enquiries

For privacy-related enquiries, data subject requests, or to reach our Data Protection contact:

ZIM Solutions — Privacy
zim.admin@zimeprsolutions.com