SuspireX ("we," "our," or "us") respects your privacy. This Global Privacy Architecture outlines our rigorous protocols for handling Merchant PII, End-Customer shipping data, and Financial Ledger hashes.
1. Data Collection Architecture
Upon provisioning a Merchant Account, we collect your Name, Email, Corporate Address, and VAT/IOSS numbers. We do not collect or store persistent credit card strings, as all capital top-ups are executed via secure, external manual gateways (Wire/JazzCash).
2. API Transmission Metadata
To fulfill orders, our API listener extracts specific data points from your Shopify or WooCommerce node. This is strictly limited to: End-Customer Name, Delivery Address, Phone Vector (for logistics couriers), and the purchased SKU array. We do not extract your customers' payment or browsing histories.
3. Immutable Ledger Financial Data
All wallet debits and credits are recorded on our internal `suspirex_ledger` database. This data is immutable and maintained indefinitely to comply with global anti-money laundering (AML) and corporate taxation laws.
4. Third-Party Fulfillment Nodes
To execute DDP shipping globally, we securely transmit the End-Customer's shipping vector (Name, Address, Phone) to our vetted 3PL logistics partners (e.g., Yanwen, YunExpress, DHL). These partners are contractually bound to utilize this data solely for the purpose of final-mile delivery.
5. EU GDPR & Cross-Border Data
If you process orders for citizens of the European Economic Area (EEA), you act as the Data Controller, and SuspireX acts as the Data Processor. We comply strictly with GDPR protocols regarding data minimization. We only hold EU customer data for the epoch required to guarantee delivery and process standard 30-day return windows.
6. Cookie & Application Tracking
The SuspireX Merchant SPA utilizes secure, HTTP-only session cookies and JWT (JSON Web Tokens) strictly for authentication and state management. We do not deploy third-party advertising trackers inside the logged-in Merchant environment.
7. Data Retention Epochs
End-customer shipping data is obfuscated 180 days after a successful delivery flag is received from the logistics courier. Merchant PII and ledger data are retained for a minimum of 5 years following account closure to satisfy financial auditing requirements.
8. Security & Encryption Standards
All traffic between your store and the SuspireX API is encrypted via TLS 1.3. WooCommerce Consumer Secrets and Shopify Admin Tokens are salted and hashed within our database. In the event of a system breach, plain-text API keys cannot be extracted.
9. Merchant Data Rights
As a registered merchant, you maintain the right to request a complete JSON export of your historical ledger data and active product import lists. You may also request the deletion of your Merchant Node, which will immediately sever all API handshakes and purge your PII, subject to our financial retention epochs.
10. Policy Mutations
SuspireX reserves the right to update this Privacy Architecture. Major structural changes to data handling will be broadcasted to all active merchants via an alert on the Vue Dashboard prior to taking effect.