Introduction
VapeTax ("we," "our," or "us") is a BigCommerce application operated by SmokHaus. This Privacy Policy describes how we collect, use, and protect information when you use VapeTax.
Information We Collect
When you install VapeTax on your BigCommerce store, we collect and store the following information:
- Store Information: Your BigCommerce store hash, store name, and store URL, provided during the OAuth installation process.
- API Access Token: A permanent API access token issued by BigCommerce during installation. This token allows VapeTax to access your product catalog and process tax calculations.
- Product Catalog Data: Product names, SKUs, variant information, and prices synced from your BigCommerce catalog for tax calculation purposes.
- Tax Configuration: Tax rules, rates, product classifications, and markup settings that you configure within the app.
- Tax Calculation Records: Order-level tax calculation data including order IDs, shipping states, excise tax amounts, and sales tax amounts committed during checkout.
- Subscription Information: Your subscription plan status and BigCommerce billing subscription ID for managing your VapeTax subscription.
How We Use Your Information
- To calculate excise tax and sales tax at checkout on your BigCommerce store.
- To sync and display your product catalog within the VapeTax dashboard.
- To generate compliance reports and tax history for your records.
- To manage your subscription and billing status.
- To provide customer support when you contact us.
Information Sharing
We do not sell, trade, or rent your information to third parties. We share information only with the following service providers necessary to operate VapeTax:
- Supabase: Database hosting for storing your store data, product catalog, tax rules, and calculation records.
- Cloudflare: Hosting and content delivery for the VapeTax application.
- BigCommerce: We communicate with BigCommerce's APIs to process tax calculations, manage subscriptions, and sync your catalog.
Data Security
We use industry-standard security practices to protect your data, including encrypted connections (HTTPS), secure database access with row-level security policies, and signed session tokens for dashboard access. API access tokens are stored securely and used only for authorized BigCommerce API calls on your behalf.
Data Retention
Your data is retained for as long as VapeTax is installed on your store. If you uninstall VapeTax, your data is retained for 30 days to support reinstallation, after which it is permanently deleted. Tax calculation records are retained for as long as your account is active to support compliance reporting.
Your Rights
You can access, modify, or delete your tax rules, product classifications, and other configurations at any time through the VapeTax dashboard. To request deletion of all your data, uninstall VapeTax from your BigCommerce store or contact us at support@vapetax.io.
Customer Data
VapeTax does not collect or store any of your customers' personal information. Tax calculations are performed using product and shipping address data provided by BigCommerce at checkout. We do not store customer names, email addresses, payment information, or any other personally identifiable customer information.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of VapeTax after changes constitutes acceptance of the revised policy.
Contact
For questions about this Privacy Policy or your data, contact us at support@vapetax.io.