lock ENCRYPTED & SECURE

Privacy Policy & Disclosures

Transparency is the foundation of our partnership. We are committed to protecting your business data and maintaining the trust you place in GraphiTech’s fulfillment solutions.

1. Introduction

This Privacy Policy describes how GraphiTech Solutions Inc. (“we”, “our”, “us”) collects, uses, discloses, and protects personal information in connection with our products and services, including but not limited to Temply and Bakeflow (collectively, the “Services”).

We are committed to handling personal information in accordance with applicable privacy laws, including:

  • gavel Privacy Act 1988 (Cth)
  • security GDPR (EU)
  • verified_user CCPA (US)

2. Scope of this Policy

This Policy applies to:

  • storefront Merchants using our Services
  • group End customers of merchants
  • language Website visitors & prospects

6. Data Ownership and Control

  • account_balance
    Merchant Ownership:

    Merchants retain full ownership of their data.

  • settings_suggest
    Processing Role:

    We act as a data processor, not a data controller, for merchant customer data.

3. Information We Collect

person_add 3.1 Provided by Merchants

Account details (name, email, business details) and store configuration/operational settings.

hub 3.2 Processed for Merchants

Customer names, contact details, transaction info, and delivery/fulfilment data.

terminal 3.3 Automatically Collected Information

Device/browser information, log data, usage analytics, IP addresses, and session identifiers.

4. Purpose of Processing

  • check_circle Provide and maintain Services
  • check_circle Enable fulfilment workflows
  • check_circle Improve functionality & performance
  • check_circle Security & fraud prevention
  • check_circle Comply with legal obligations

5. Legal Basis (GDPR)

Where applicable, we rely on:

Contractual necessity Legitimate interests Legal obligations Consent

7. Data Sharing & 8. Transfers

7.1 No Sale of Personal Data

check_circle

We do not sell personal data under any circumstances.

7.2 Subprocessors

We share data with authorised providers including GCP, Postmark, and internal systems like Bakeflow.

Contractually bound to confidentiality and strict security controls.

8. International Transfers

Data may be processed in the United States. We implement safeguards like Standard Contractual Clauses (SCCs).

9. Data Retention

We retain data only for as long as necessary to provide Services and comply with law.

Merchant data is deleted/anonymised post-termination. Shopify data follows platform requirements.

10. Security Measures

  • lock Encryption at rest (AES-256)
  • sync_alt Encryption in transit (TLS 1.3)
  • verified Access controls & monitoring

11. Data Rights & 12. Shopify

11. Data Subject Rights

Rights to access, correction, deletion, restriction, and portability. Requests should be directed to the merchant (controller).

12. Shopify-Specific

We process data in accordance with Shopify’s API requirements and comply with all redaction/deletion webhooks.

13. Cookies

We use cookies to maintain sessions and improve user experience.

14. Children

Services are not intended for individuals under 16.

15. Changes

Updates will be communicated via website or email.