Privacy Policy & Data Security

We power your enterprise. We protect your data. Learn how ShopinoERP secures your sensitive business information and handles the realities of modern digital threats.

1. Our Core Privacy Principles

As an Enterprise Resource Planning (ERP) provider, ShopinoERP acts as the central nervous system for your business. We handle your most sensitive data—including financial records, manufacturing Bill of Materials (BOMs), logistics routes, API credentials for platforms like WooCommerce and Daraz, and your customers' personal details.

Because you trust us with your operational lifeblood, we operate under a strict code of transparency. We only collect what is strictly necessary to run your modules, we never sell your enterprise data, and we treat your customers' data with the exact same rigor as you do.

2. What Information We Collect

  • Enterprise Identity: Company details, tax information, billing data, and authorized user credentials.
  • Operational Data: Inventory counts, supplier information, logistics tracking details, and manufacturing workflows.
  • Financial & Transactional Data: Invoices, ledgers, payment reconciliation data, and localized financial summaries.
  • Third-Party Integrations: API keys, webhooks, and sync data from your connected commerce platforms.
  • System Telemetry: Anonymized usage logs to ensure our infrastructure scales with your transaction volume.

3. How We Secure Your Data

ShopinoERP was engineered from day one for multi-tenant enterprise environments. We deploy defense-in-depth strategies to ensure isolation and security:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Tenant Isolation: Your database environment is logically isolated. Cross-tenant data leakage is structurally prevented at the architecture level.
  • Access Control: We enforce strict Role-Based Access Control (RBAC). Even our own support engineers cannot view your sensitive financial or customer data without your explicit, time-limited approval.
  • Redundancy: Continuous backups are distributed across secure geographic zones to prevent data loss.

4. Security Realities in the AI Era & Data Breaches

Let's be candid: in the modern era of AI-driven cyber threats, automated vulnerability scanning, and sophisticated phishing, absolute 100% security is a myth. Any technology provider claiming otherwise is not being honest with you. While our systems are fortified to bank-grade standards, it is crucial to understand how we navigate this reality and what happens if a breach occurs.

We operate on a Zero-Trust mentality and assume our perimeter is always under pressure. In the unlikely event that ShopinoERP experiences a data breach, our incident response protocol prioritizes your operational continuity and transparency:

  1. Immediate Containment: Affected databases, modules, or API endpoints are immediately isolated to halt unauthorized access.
  2. Transparent Notification (Within 72 Hours): We will not hide an incident. You will be notified with a clear breakdown of what happened, exactly which data (if any) was compromised, and the severity of the threat.
  3. Mitigation & Reset: We will proactively invalidate compromised sessions, rotate potentially exposed API keys for your external channels, and work directly with your IT admins to secure your operational flow.
  4. Forensic Evolution: We utilize the incident to train our own security models, patching the vulnerability globally across all ShopinoERP instances.

* Security is a shared responsibility. We strongly advise enabling Multi-Factor Authentication (MFA) for all your staff accounts within ShopinoERP to mitigate credential-stuffing attacks.

5. Your Rights & Compliance

You retain absolute ownership of all data entered into ShopinoERP. You have the right to:

  • Export your data at any time via standard formats (CSV, JSON, XML).
  • Request complete deletion of your data upon contract termination ("Right to be Forgotten").
  • Audit user access logs and permission histories within your dashboard.

For questions regarding data processing agreements, customized compliance requirements, or to report a security vulnerability, please reach out to our dedicated security team.

Contact Data Protection Officer