Privacy Policy

Last updated: March 15, 2026

1. Introduction

kwtSMS for Shopify ("the App") is operated by kwtSMS ("we", "us", "our"). This privacy policy explains how we collect, use, store, and protect your data when you install and use our Shopify app.

2. Data We Collect

When you install and use the App, we access the following data from your Shopify store:

• Order data (read-only): order number, total amount, currency, line items, fulfillment status, tracking numbers, and tracking URLs. Used to populate SMS template placeholders.
• Customer data (read-only): customer name, phone number, and locale/language preference. Used to send SMS notifications and determine message language.
• Fulfillment data (read-only): shipping carrier, tracking number, and tracking URL. Used for shipment notification SMS.
• Store configuration: your kwtSMS API credentials (encrypted at rest), selected Sender ID, notification preferences, and SMS templates.

3. How We Use Your Data

We use the collected data exclusively to:

• Send SMS notifications to your customers and/or store admins when order events occur (creation, payment, shipping, cancellation).
• Normalize and validate phone numbers before sending SMS.
• Display SMS delivery logs, balance information, and send statistics within the App.
• Authenticate with the kwtSMS gateway on your behalf using your encrypted API credentials.

We do not use your data for marketing, advertising, profiling, or any purpose unrelated to the core SMS notification functionality.

4. Third-Party Data Sharing

To deliver SMS messages, customer phone numbers and message content are transmitted to the kwtSMS gateway (kwtsms.com), which is the SMS delivery provider. This is required for the App to function.

We do not sell, rent, or share your data with any other third party.

5. Data Storage and Security

• All data is stored on our secure server with encrypted database connections.
• kwtSMS API credentials are encrypted using AES-256-GCM before storage. They are never exposed to the browser or logged in plaintext.
• Phone numbers are masked in the UI (e.g., 9659****432) and in logs.
• All webhook payloads from Shopify are verified using HMAC-SHA256 to prevent tampering.
• All communication between the App and Shopify, and between the App and kwtSMS, uses HTTPS/TLS encryption.

6. Data Retention

• SMS logs are retained for 90 days, then automatically deleted.
• SMS templates and settings are retained for as long as the App is installed on your store.
• kwtSMS credentials are deleted immediately when you disconnect your gateway account or uninstall the App.
• When you uninstall the App, all your data (credentials, settings, templates, and logs) is permanently deleted from our server.

7. GDPR Compliance

The App implements all three mandatory Shopify GDPR/privacy webhooks:

• Customer data request: when a customer requests their data, we provide all SMS logs and stored information associated with their phone number.
• Customer data erasure: when a customer requests deletion, we permanently remove all SMS logs and data associated with their phone number.
• Shop data erasure: when a store owner requests deletion, we permanently remove all data associated with their shop, including credentials, settings, templates, and logs.

8. Your Rights

As a store owner or customer, you have the right to:

• Access: request a copy of all data we store related to your store or phone number.
• Correction: request correction of inaccurate data.
• Deletion: request permanent deletion of your data. Uninstalling the App automatically triggers full data deletion.
• Data portability: request your data in a machine-readable format.

9. Cookies and Tracking

The App does not use cookies, tracking pixels, or analytics tools. The App operates entirely within the Shopify Admin iframe and does not track user behavior.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related inquiries, data requests, or questions about this policy:

• Website: kwtsms.com
• Email: support@kwtsms.com
• Phone: +965 9022 0322