Privacy Policy

Last updated: 14 June 2026

Before launch: replace the bracketed details with your registered business information and have this reviewed by a legal professional.

This Privacy Policy explains how [Legal entity name]("EirLink", "we") collects, uses, and protects personal data when you use the EirLink application and website (the "Service"). EirLink connects a merchant's Shopify store to An Post to import orders and generate shipping labels. We are the controller for your account data and a processor for the order and customer data we handle on your behalf.

Who we are

[Legal entity name], [registered address], Ireland. Contact: hello@eirlink.ie.

Data we collect

Account data: your name, business name, email, and a hashed password.
Integration credentials: your An Post eCommHub API key and Shopify access tokens, stored encrypted (AES-256-GCM).
Order & customer data (as processor): recipient name, shipping address, email, phone, and order contents imported from Shopify to create labels.
Usage & technical data: logs, IP address, and timestamps for security and debugging.

How we use data

To provide the Service: importing orders, generating An Post labels, and syncing tracking and fulfilment back to Shopify.
To authenticate you and secure your account, including email verification.
To operate, debug, and improve the Service.

Our legal bases are performance of our contract with you and our legitimate interest in running a secure service. We do not sell personal data or use it for advertising.

Sub-processors

Railway — application hosting and database.
Vercel — web frontend hosting.
Shopify — source of the order and customer data you authorise us to access.
An Post (eCommHub) — carrier that creates the shipping labels.
ZeptoMail (Zoho) — transactional email (verification).

Data retention

We retain account and order data while your account is active. When you disconnect a store or uninstall the app, and on Shopify's mandatory shop/redact and customers/redact requests, we delete or anonymise the associated customer personal data. You may request deletion of your account at any time.

Your rights

Under the GDPR you can access, rectify, erase, restrict, and port your data, and object to processing. Contact hello@eirlink.ie. You may also complain to the Irish Data Protection Commission (dataprotection.ie). For customer data we process on a merchant's behalf, direct requests to that merchant (the controller).

Security

Credentials and access tokens are encrypted at rest and transmitted over TLS. No system is perfectly secure, but we take reasonable measures to protect your data.

International transfers

Where a sub-processor processes data outside the EEA, appropriate safeguards such as Standard Contractual Clauses are relied upon.

Changes

We may update this policy and will revise the date above.

Contact

hello@eirlink.ie

← Back to EirLink