Legal
Terms & Conditions
1. Acceptance of Terms
By installing or using the App on Shopify, you agree to these Terms & Conditions. If you do not agree, do not install or use the App.
2. Description of Service
The App provides:
- Resale workflow management
- Shipping rate calculation
- Shipping label generation
- Tracking updates
- Wallet-based prepaid shipping balance (if applicable)
- Draft order generation for shipping fees
We reserve the right to modify or discontinue features.
3. Shipping Fees & Label Generation
Shipping labels may be purchased via Shippo or integrated carriers. Shipping costs may be deducted from merchant wallet balance (if applicable). Rates are based on carrier pricing and may change. We are not responsible for carrier delays, losses, or service failures.
4. Wallet & Prepaid Balance (If Applicable)
If the App includes a prepaid wallet system:
- Funds added to the wallet are non-refundable except where required by law.
- Labels cannot be generated without sufficient balance.
- We may suspend shipping functionality if balance is insufficient.
- Wallet balances are not bank accounts and do not accrue interest.
5. Billing
Subscription and app charges are processed via Shopify. Usage charges (if applicable) are billed according to Shopify's billing cycle. Uninstalling the App may terminate active subscriptions immediately. Merchant is responsible for all outstanding charges incurred before uninstall.
6. Merchant Responsibilities
Merchant agrees to provide accurate shipment information, comply with carrier rules and restrictions, not misuse the App for fraudulent shipping, ensure products comply with applicable laws, and handle customer disputes appropriately.
7. Returns & Rejected Shipments
Unless otherwise specified, shipping costs are non-refundable. If a shipment is rejected or returned, additional shipping charges may apply. Customer is responsible for return shipping costs unless agreed otherwise.
8. Limitation of Liability
To the maximum extent permitted by law: we are not liable for indirect, incidental, or consequential damages; our total liability shall not exceed the amount paid to us in the preceding 3 months; and we are not responsible for carrier performance.
9. Indemnification
Merchant agrees to indemnify and hold harmless QUANTIC EC from claims arising out of improper use of the App, incorrect shipment data, violation of laws, and customer disputes.
10. Termination
We may suspend or terminate access if merchant violates these Terms, fraud or abuse is detected, or as required by law. Upon termination, access to the App will cease.
11. Contact Information
QUANTIC EC
Email:
support@resello.uz
Postal Address: Tashkent, Uzbekistan (full registered address available on request).
Privacy Policy
1. Introduction
This Privacy Policy describes how QUANTIC EC (“we”, “us”, “our”) collects, uses, and protects information when merchants install and use our Shopify application (the “App”). The App is designed to facilitate resale workflows, shipping label generation, tracking updates, and related services for merchants using Shopify.
QUANTIC EC is established in Uzbekistan and is not based in the European Economic Area (EEA), United Kingdom, or Switzerland. Personal data processed by the App is therefore transferred to and processed outside the EEA. Where required, we rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms as set out in Section 9 and in our Data Processing Addendum .
2. Information We Collect
2.1 Merchant Information
When you install the App, we may collect:
- Store name, store domain, Shopify store ID
- Merchant contact email
- Subscription and billing information (via Shopify)
- App usage data
- Wallet balance and transaction records (if applicable)
We do not collect your Shopify password.
2.2 Customer & Order Information
To provide shipping and resale functionality, we may process:
- Customer name
- Shipping address
- Email address
- Phone number (if provided)
- Order details and product information
- Tracking numbers and shipment status updates
This information is processed strictly for operational purposes.
2.3 Carrier & Shipping Data
If shipping labels are generated via Shippo or other carrier integrations, we may process shipment origin and destination, package dimensions and weight, carrier rates, and tracking events.
2.4 Cookies and Similar Technologies
The App's embedded admin surface may use strictly necessary cookies, session tokens, and local/session storage to authenticate merchants via Shopify's session token flow and to maintain UI state. We do not use third-party advertising or cross-site tracking cookies. Merchants may control cookies through their browser settings; disabling strictly necessary cookies may prevent the App from functioning.
3. How We Use Information
We use collected information to:
- Provide resale workflow functionality
- Generate shipping labels and calculate shipping rates
- Update shipment tracking status
- Manage merchant wallet balances
- Process billing via Shopify
- Improve app performance and reliability
- Provide customer support
- Prevent fraud or abuse
We do not sell or share personal data for cross-context behavioral advertising, and we do not use personal data for marketing or interest-based targeting.
4. Legal Basis for Processing
We process data on the following legal bases: performance of our contractual obligations (GDPR Art. 6(1)(b)); compliance with legal obligations (Art. 6(1)(c)); legitimate business interests such as security, fraud prevention, and analytics (Art. 6(1)(f)); and consent where required (Art. 6(1)(a)). Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Data Sharing
We may share data with Shopify (as required for app functionality), Shippo (for shipping label and tracking services), payment processors used by Shopify, and hosting providers and infrastructure partners. We do not sell or rent personal data.
6. Data Retention and Shopify-Mandated Data Requests
We retain data for as long as the App is installed, as required for legal or accounting purposes, and as necessary to resolve disputes.
In accordance with Shopify's Partner Program requirements, the App subscribes to and honors the following mandatory GDPR compliance webhooks:
- customers/data_request — upon receipt, we provide the merchant with the personal data we hold about the identified customer within 30 days.
- customers/redact — we erase or anonymize the identified customer's personal data within 30 days of receipt, unless retention is legally required.
- shop/redact — issued 48 hours after a merchant uninstalls the App; upon receipt we erase or anonymize all personal data associated with the shop within 30 days, unless retention is legally required.
Outside of these webhooks, upon app uninstallation we will delete or anonymize data within a reasonable timeframe unless legally required to retain it.
7. Security
We implement industry-standard security measures including secure API authentication, encrypted data transmission (HTTPS/TLS), and restricted internal access controls. However, no system is 100% secure.
8. Merchant Responsibilities
Merchants are responsible for ensuring they have a lawful basis to share customer data with us, maintaining compliance with applicable data protection laws, and informing customers about third-party processing.
9. International Data Transfers
As QUANTIC EC is established in Uzbekistan, personal data originating from the EEA, UK, or Switzerland is transferred outside those regions. Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission or other lawful transfer mechanisms, and we implement supplementary technical and organizational measures where appropriate.
10. Your Rights
Depending on jurisdiction, you may have rights to access your data, correct inaccurate data, request deletion (“right to be forgotten”), restrict processing, object to processing, data portability, withdraw consent at any time, and lodge a complaint with a supervisory authority.
California residents: Under the CCPA/CPRA you additionally have the right to know the categories of personal information collected, the right to delete, the right to correct, the right to opt out of sale or sharing (we do not sell or share personal information as defined by the CCPA), and the right to limit use of sensitive personal information (we do not use sensitive PI for purposes requiring such a limit).
To exercise any of these rights, contact us at support@resello.uz .
11. Children's Privacy
The App is intended for use by Shopify merchants and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it promptly.
12. Data Protection Contact, EU Representative, and Supervisory Authority
Privacy Contact:
support@resello.uz
Postal Address:
QUANTIC EC, Tashkent, Uzbekistan (full registered address available on request from support@resello.uz).
QUANTIC EC has assessed its processing activities and has determined that appointment of a formal Data Protection Officer (DPO) is not mandatory under GDPR Art. 37 or comparable laws. A Privacy Contact is nevertheless designated above and is responsible for handling data protection inquiries.
EU/UK Representative (GDPR Art. 27 / UK GDPR): where required, QUANTIC EC will designate a representative in the EU and/or UK. Merchants and data subjects in those jurisdictions may contact support@resello.uz to obtain current representative details.
13. Changes to This Policy
We may update this Privacy Policy periodically. Where changes are material, we will notify merchants through the App, the Shopify App Store listing, or by email to the registered merchant contact address before the changes take effect. Continued use of the App after the effective date of any update constitutes acceptance of the revised Policy.
Data Processing Addendum (DPA)
This Data Processing Addendum (“DPA”) forms part of the Terms & Conditions between QUANTIC EC (“Processor”) and the Merchant (“Controller”) who installs and uses the App via Shopify. This DPA applies where personal data is processed subject to Regulation (EU) 2016/679 (General Data Protection Regulation — “GDPR”), the UK GDPR, or comparable data protection laws.
1. Definitions
Controller means the Merchant using the App. Processor means QUANTIC EC. Data Subject means the Merchant's customers. Personal Data has the meaning set out in Article 4 of GDPR. Sub-processor means any third party engaged by Processor to process Personal Data.
2. Scope of Processing
Processor processes Personal Data solely for the purpose of providing the App's services, including shipping label generation, shipping rate calculation, shipment tracking updates, resale workflow management, wallet and billing management, and fraud prevention and service security.
3. Nature and Purpose of Processing
Nature: Collection, storage, transmission, organization, and deletion of personal data. Purpose: To enable resale and shipping functionality within the Merchant's Shopify store.
4. Categories of Data
Processor may process customer name, shipping address, email address, phone number (if provided), order details, tracking numbers, and shipment status data. Processor does not intentionally process special categories of personal data under Article 9 GDPR.
5. Duration of Processing
Processor will process Personal Data for as long as the Merchant uses the App, and for a reasonable retention period required for legal, accounting, or dispute resolution purposes. Upon uninstall of the App, Personal Data will be deleted or anonymized within a reasonable period unless retention is legally required, and in any event consistent with the Shopify-mandated shop/redact webhook (see Section 13).
6. Controller Obligations
The Controller represents and warrants that it has a lawful basis under Article 6 GDPR to process and share Personal Data, that it has provided appropriate privacy notices to Data Subjects, and that it complies with applicable data protection laws.
7. Processor Obligations
Processor shall process Personal Data only on documented instructions from Controller; ensure persons authorized to process data are bound by confidentiality; implement appropriate technical and organizational security measures; assist Controller in fulfilling GDPR obligations (data subject rights, breach notifications); and delete or return Personal Data upon termination of services.
8. Security Measures
Processor implements appropriate technical and organizational measures, including encrypted data transmission (HTTPS/TLS), access controls and authentication mechanisms, role-based internal data access restrictions, secure cloud hosting infrastructure, and monitoring for unauthorized access. Processor regularly reviews and updates security practices.
9. Sub-Processors
Controller authorizes Processor to engage Sub-processors as necessary to provide the services. Current Sub-processors may include:
- Shopify (platform infrastructure)
- Shippo (shipping label & tracking services)
- Cloud hosting providers (e.g., AWS, GCP, or similar)
Processor shall enter into written agreements with Sub-processors, ensure GDPR-compliant obligations are imposed, and remain responsible for Sub-processor compliance. Processor will inform Controller of material changes to Sub-processors where legally required.
10. International Data Transfers
Processor is established in Uzbekistan. Where Personal Data is transferred outside the European Economic Area (EEA), United Kingdom, or Switzerland, Processor shall ensure that Standard Contractual Clauses (SCCs) adopted by the European Commission, the UK International Data Transfer Addendum, or other lawful transfer mechanisms under GDPR / UK GDPR are implemented where required, together with appropriate supplementary measures.
11. Data Subject Rights
Taking into account the nature of processing, Processor shall assist Controller by providing access to Personal Data, supporting correction or deletion requests, supporting restriction or objection requests, and supporting data portability and consent-withdrawal requests. Controller remains responsible for responding to Data Subject requests.
12. Personal Data Breach
Processor shall notify Controller without undue delay, and in any event within 72 hours where feasible, after becoming aware of a Personal Data breach affecting Controller data. Notification will include the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed.
13. Shopify GDPR Compliance Webhooks
Processor subscribes to and honors Shopify's mandatory privacy webhooks on behalf of Controller:
- customers/data_request: Processor provides the Personal Data it holds about the identified Data Subject to Controller within 30 days of receipt.
- customers/redact: Processor erases or anonymizes the identified Data Subject's Personal Data within 30 days of receipt, unless retention is legally required.
- shop/redact: Received 48 hours after uninstallation; Processor erases or anonymizes all Personal Data associated with the shop within 30 days, unless retention is legally required.
14. Audit Rights
Upon reasonable request, Processor shall provide information necessary to demonstrate compliance with this DPA. Audits must be reasonable in scope, must not interfere with operations, and must be subject to confidentiality.
15. Data Protection Contact and EU/UK Representative
Processor's Privacy Contact: support@resello.uz . Processor has assessed its processing activities and has determined that appointment of a formal Data Protection Officer (DPO) under GDPR Art. 37 is not mandatory; the Privacy Contact handles data protection inquiries. Where a representative under GDPR Art. 27 or UK GDPR is required, Processor will designate one and provide current details to Controller upon request.
16. Liability
Each party's liability under this DPA shall be subject to the limitations set out in the main Terms & Conditions, unless prohibited by GDPR.
17. Order of Precedence
In the event of conflict between this DPA and the Terms & Conditions, this DPA shall prevail with respect to data protection matters.