Privacy Policy
Effective date: 9 July 2026
Docufacture ("we", "us") is a Shopify application operated by Northgate Systems LLC, a Wyoming limited liability company. This policy describes what data we process when a merchant installs Docufacture, why, and how it is protected.
What we process, and why
Merchant data: your shop domain, contact email, company details you enter (name, address, VAT ID), and app settings. Used to operate the app, generate legally compliant documents, and provide support.
Order and customer data: when an order is placed in your store, we receive order details and the customer information required to produce an invoice: name, billing/shipping address, email, line items, prices, taxes, and VAT ID where provided. This is the minimum data legally required on an invoice. We use it solely to generate, store, and deliver invoice documents on your behalf. We do not use customer data for advertising, profiling, enrichment, or any purpose other than document generation and delivery.
What we store, and for how long
- Generated documents (invoices, credit notes, packing slips) and the data snapshot inside them are stored immutably, because invoices are legal records. They are retained while your account is active so you can re-download them at any time.
- Bulk print batch files are deleted automatically 30 days after creation.
- If you uninstall Docufacture, shop data is deleted within 30 days in response to Shopify's redaction webhooks. Where documents constitute legal records the merchant is obligated to retain, we make them available for export before deletion.
- We honor Shopify's GDPR webhooks: customers/data_request, customers/redact, and shop/redact.
Where data lives
All application data is stored and processed in the European Union: application hosting, databases, and document storage in the EU (Railway, Amsterdam region). Transactional email is delivered via Resend (EU region, Ireland).
Subprocessors
| Subprocessor | Purpose | Region |
|---|---|---|
| Railway | Application hosting, database & document storage | EU (Amsterdam) |
| Cloudflare | DNS & CDN | EU |
| Resend | Transactional email delivery | EU (Ireland) |
Security
Data in transit is encrypted (TLS). Documents are stored in access-controlled, non-public storage; download links require an authenticated Shopify admin session. We do not sell data. We do not run analytics on customer personal data.
Your rights & contact
Merchants and their customers may request access, correction, or deletion of personal data, subject to legal retention duties for invoice records. Contact: privacy@docufacture.com. If you are a customer of a store using Docufacture, your primary contact is the store (the data controller); we act as their processor and will assist them in fulfilling your request.
Changes to this policy will be posted at this URL with an updated effective date.