This Privacy Policy describes how Ourava apps ("we", "us", or "our") collect, use, and share personal information when you use our Shopify applications and related services. Ourava is a Shopify app brand operated by CoreLink. The Shopify App Store developer of record is CoreLink. By installing Ourava B2B Quick Order, you agree to the practices described in this policy.
1. Information Collection
To provide our bulk ordering services, we collect the following types of information from users of our App:
- Account Information: Your name, email address, and Shopify store URL.
- Shopify Store Data: Product listings, variants, SKUs, inventory levels, and customer metadata necessary to power the ordering portal.
- Order Data: Purchase orders submitted through the portal, including SKU lists, quantities, and uploaded PO documents.
- Usage Data: Information on how you and your buyers interact with the Ourava portal, including session timestamps and feature utilization.
- Technical Data: IP addresses, browser types, and device identifiers used to access our platform.
2. Data Usage & AI Processing
We use your data to operate, improve, and personalize Ourava Quick Order. Specifically:
SKU Matching
Our AI matches pasted or uploaded SKUs against your Shopify catalog — including fuzzy matching for typos and alternate formats.
PO Processing
Uploaded CSV purchase orders are parsed to extract line items automatically. Files are processed ephemerally and not retained.
Important: Ourava does not sell your store data or customer data to third-party advertisers. All AI processing is performed within our secure infrastructure and is used solely to provide the service to you.
3. Data Security and Storage
We employ enterprise-grade security measures to protect your information:
- Encryption: All data is encrypted at rest using AES-256 and in transit via TLS 1.3.
- Access Controls: Strict internal identity management ensures only authorized personnel can access production infrastructure.
- Data Minimization: We only store data necessary to provide the service. Uploaded PO documents are processed and then deleted.
- Monitoring: 24/7 system monitoring and regular third-party security audits.
Data is stored on servers located in the United States. If you are located in the European Economic Area, your data may be transferred to and processed in the United States under appropriate safeguards.
4. Third-Party Services
Ourava integrates with the following third-party services to function effectively:
- Shopify: Our primary platform integration partner. Subject to Shopify's Privacy Policy.
- Cloud Infrastructure: Secure hosting provided by AWS and/or Google Cloud Platform.
- Payment Processors: We use Shopify Billing for all subscription operations. No credit card data is stored on our servers.
- AI Services: Document parsing and SKU matching may use third-party AI APIs. Data sent to these services is governed by their data processing agreements and is not used for model training.
5. Compliance (GDPR / CCPA)
We are committed to global data protection standards:
GDPR Rights (EU/EEA)
If you are located in the European Economic Area, you have the right to access, rectify, erase, restrict processing of, and port your personal data. You may also object to processing. To exercise these rights, contact us at [email protected].
CCPA Rights (California)
California residents may request disclosure of the specific pieces of personal information we have collected about them and have the right to opt out of the sale of personal information. We do not sell personal information. To submit a request, email [email protected].
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance.
Questions or requests?
We respond to all privacy inquiries within 48 hours.