Privacy Policy

Last updated: April 16, 2026

1. Introduction

QuickStore ("we," "us," or "our") operates the QuickStore platform, a SaaS tool that helps users create Shopify dropshipping stores using product data from AliExpress. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your:

  • Full name
  • Email address
  • Password (stored as a bcrypt hash — we never store your plain-text password)
  • Google account profile data (name, email, and profile picture) if you sign up via Google OAuth

2.2 Shopify Store Data

When you connect your Shopify store via OAuth, we request the following permissions: write_products, write_themes, and read_orders. This allows us to create and update products, upload store themes, and receive order data through webhooks. Your Shopify access token is encrypted using AES-256-GCM before storage.

2.3 AliExpress Account Data

When you connect your AliExpress seller account, we store your access and refresh tokens (encrypted with AES-256-GCM) to place dropship orders, retrieve product information, and sync tracking numbers on your behalf.

2.4 Order and Customer Data

When your store receives orders, we process and store: customer name, email, shipping address, billing address, line items, order totals, and fulfillment status. This data is necessary to automate order fulfillment through AliExpress. Customer shipping addresses are transmitted to AliExpress to place dropship orders.

2.5 Product Data

When you import products from AliExpress, we process product URLs, images, descriptions, pricing, variants, and supplier information. Product images may be stored on our cloud infrastructure (AWS S3) to generate store listings.

2.6 Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, browser type, IP address, device information, and timestamps.

2.7 Payment Information

Subscription billing is handled through Shopify's Billing API. We do not store credit card numbers or full payment details on our servers. Shopify collects and processes your payment information in accordance with their own privacy policy.

2.8 Feedback and Support

If you submit feedback or bug reports through our platform, we store your message text, feedback type, and any images you attach (stored on AWS S3).

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Build, publish, and manage your Shopify stores and themes
  • Generate AI-powered product listings, descriptions, images, and SEO content
  • Automatically place and fulfill dropship orders through AliExpress
  • Sync order tracking numbers and delivery status
  • Monitor product availability and alert you to stock changes on AliExpress
  • Process subscription payments and manage your plan
  • Provide customer support via live chat (Tawk.to)
  • Analyze usage patterns to improve the platform
  • Prevent fraud, abuse, and enforce our Terms of Service

4. Third-Party Services

We share data with the following third-party services, only as necessary to operate the platform:

  • Shopify — to create and manage your online store, publish products and themes, and receive order webhooks via their API
  • AliExpress — to import product data, place dropship orders, and sync tracking information. Customer shipping addresses are shared with AliExpress to fulfill orders
  • Shopify Billing API — to process subscription payments securely through the merchant's Shopify account
  • Google — for OAuth authentication, and for AI image generation (Google Imagen) and image analysis (Google Gemini) used to create product photos
  • Anthropic — for AI-powered content generation, product descriptions, and store copy using Claude
  • Amazon Web Services (AWS) — for cloud storage of product images, theme files, and feedback attachments via S3
  • Tawk.to — to provide live chat customer support on our website

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Storage and Security

Your data is stored on secure servers. We implement the following security measures:

  • TLS/SSL encryption for all data in transit
  • AES-256-GCM encryption for all third-party access tokens (Shopify, AliExpress) at rest
  • Bcrypt hashing (12 rounds) for passwords
  • Short-lived JWT access tokens (15 minutes) with rotating refresh tokens (30 days)
  • Rate limiting on authentication endpoints (10 requests per minute)

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain data according to the following schedule:

  • Account data: retained for as long as your account is active
  • Order data: retained for the lifetime of your account for analytics and fulfillment tracking
  • Refresh tokens: automatically expire and are rotated every 30 days
  • AliExpress tokens: refreshed automatically; revoked when you disconnect your account
  • Preview themes: automatically cleaned up after 24 hours

If you delete your account, we will remove your personal information within 30 days, except where required for legal or compliance purposes. Deleting a store cascades deletion to all associated products, orders, and related data. Store data synced to Shopify remains on Shopify's platform and is governed by their policies.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Object to automated decision-making
  • Revoke third-party access (Shopify, AliExpress) by disconnecting from your dashboard

To exercise any of these rights, contact us at support@quickstore.app.

8. Cookies and Local Storage

We use browser local storage to maintain your authentication session (access and refresh tokens). We do not use tracking cookies. Third-party services embedded on our site (Tawk.to, Google) may set their own cookies. You can control cookie behavior through your browser settings, but disabling storage may prevent you from logging in.

9. International Data Transfers

Your data may be processed in countries other than your own. Product images are stored on AWS S3 (EU region). Order data is transmitted to AliExpress servers for fulfillment. By using the Service, you consent to these transfers. We ensure appropriate safeguards are in place for cross-border data transfers.

10. Children's Privacy

QuickStore is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through a notice on our platform. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, contact us at support@quickstore.app.