NOVA POST + GIMMICK.IN
Strategic Integration Partnership
for CZ/SK E-commerce
for CZ/SK E-commerce
Bridging the gap between Nova Post and 80,000+
Czech & Slovak e-shops
Czech & Slovak e-shops
Gimmick.in spol. s r.o. | Biatec.cz | 2026
1
Demonstration
2
Who we are (Gimmick.in spol. s r.o.)
Your Strategic Gateway to CZ/SK E-commerce
Technology House
- Czech-based technology company: ID/ICO: 28915119, VAT: CZ28915119, since 2009. For each solution we connect professionals with proven skills in technologies, banking, e-commerce, accounting, KYC, AML, compliance
Local Expertise
- Years of experience with local and international platforms (Magento, Shoptet), regulations (SK/CZ/EU), and business practices thanks to own e-commerce products and solutions
Data Transformation Specialists
- We don't just connect systems — we translate business needs into technical reality
- Expert at converting messy real-world data into clean, structured formats
3
Proven Resilience & Scale
We Handle Complexity at Scale
Sametic.cz
- B2C e-shop since 2012
- Experience with Magento, Shoptet, many payment and delivery methods
- Already exported to 50+ countries
- Proof: Deep knowledge of Czech and Slovak e-commerce
Rychlejsie.sk
- Mission-critical system for COVID-19 testing management
- 750,000+ processed records for the City of Bratislava, AAA auto and other cities and companies
- Massive data spikes handled with highest uptime thanks to MS Azure
- Proof: We deliver when failure is not an option
Biatec.cz
- B2B SAAS since 2014
- Seamless conversion of e-commerce data into accounting systems
- 40+ input formats supported
- Hundreds of active clients across CZ/SK
- Proof: We are experts at transforming messy data into clean formats
Garix.eu
- Automated sanction checks: UN, US, EU lists
- Compliance-grade data processing
- Understanding of legal & security requirements for international shipping
- Proof: We know the regulatory landscape
4
Nova Post - Shoptet Connector by Biatec
Bridging the Gap Between Nova Post and 80,000+ E-shops
Zero Integration Barrier
- Chrome Extension lets merchants ship with Nova Post instantly
- No Shoptet API subscription, no complex implementation
- Install extension → auto-setup wizard → ship in minutes
The "Clean Data" Engine
- Automatic data validation before reaching Nova Post API
- Optional (see roadmap): Phone formatting, weight normalization, COD parsing
- Country code mapping (CZ, SK, PL, HU, DE, AT, UA)
Checkout Widget
- Official Nova Post branch picker embedded in checkout
- Customer selects branch → data flows to merchant admin
- Works across all checkout steps with smart state management
Unified Platform
- One tool for Shoptet today, extensible to other platforms
- Platform-agnostic backend — only thin frontend adapters needed
- Roadmap: WooCommerce, PrestaShop, and more
5
Why Partner with Us?
More Than Just an Integrator — A Growth Partner
Immediate Market Penetration
We remove the technical friction that stops small and medium e-shops from switching to Nova Post.
We remove the technical friction that stops small and medium e-shops from switching to Nova Post.
Value-Added Knowledge
We provide the "know-how" on connecting local workflows (accounting, invoicing, local habits) to your global logistics.
We provide the "know-how" on connecting local workflows (accounting, invoicing, local habits) to your global logistics.
Built-in Marketing Channel
We can directly introduce Nova Post to our hundreds of existing Biatec.cz clients who already need better logistics.
We can directly introduce Nova Post to our hundreds of existing Biatec.cz clients who already need better logistics.
Local Agility
Shoptet changes their code? We update the connector the same day. No corporate delays.
Shoptet changes their code? We update the connector the same day. No corporate delays.
CZ/SK Expertise
We understand Czech and Slovak e-commerce regulations, payment methods, and customer expectations.
We understand Czech and Slovak e-commerce regulations, payment methods, and customer expectations.
Steps to Cooperation
Next Steps Towards a Strategic Partnership
1
Official Integrator
Conditional confirming Gimmick.in as the official integration partner for Nova Post in the CZ/SK region in case Chrome extension will be approved and installable from Chrome extensions.
2
Solution Verification
Validation of the solution after Extension approved in Chrome by Nova Post.
3
Pilot Phase
Starting a pilot phase with selected high-volume Shoptet merchants to prove the value.
4
Production
Implement the internal Nova Post process with connection of Nova Post clients to Gimmick.in.
7
Technical Architecture
A Complete, Production-Ready Integration Stack
Checkout Widget — Customer-facing
- Lightweight JS injected into Shoptet storefront
- Official Nova Post branch picker (iframe)
- Saves selection in machine-readable format
- Works across all checkout steps
- Country auto-detection (CZ, SK, PL, HU…)
Chrome Extension — Merchant-facing
- Enriches Shoptet admin with "Nova Post" column
- One-click shipment creation
- Bulk label download with PDF merging
- Auto-extracts order data (name, phone, COD)
- No Shoptet API subscription needed
Backend API — Infrastructure
- Node.js + PostgreSQL
- JWT authentication & multi-tenant isolation
- Nova Post API integration (create, track, label)
- Data validation & transformation layer
- Project verification & ownership system
8
The Data Flow
From Cart to Label — Every Step Automated
1
Customer Checkout
Customer selects Nova Post branch in checkout widget. Branch ID saved to order.
2
Merchant Admin
Extension detects Nova Post orders, extracts recipient details automatically.
3
Create Shipment
One click → data validated → Nova Post API called → tracking number returned.
4
Download Label
PDF label retrieved from Nova Post. Bulk merge for multiple shipments.
5
Track & Deliver
Status refreshed from Nova Post API. Full lifecycle visibility.
Data Validation Layer
- Phone numbers: extraction & formatting
- Weight: normalization (min 1 kg enforced)
- COD amounts: parsed from local currency formats
- Country codes: CZ, SK, PL, HU, DE, AT, UA mapping
- Branch fallback: automatic retry with alternative
- Address validation: format check before API call
- All errors caught before reaching Nova Post API
- Result: Higher success rate, fewer failed shipments
9
Technical Advantages
Why This Approach Wins
⚠ No native Shoptet module
→
Chrome Extension bypasses the need entirely
⚠ Merchants lack technical skills
→
Zero-code setup: install extension, widget auto-installs
⚠ Data quality crashes shipments
→
Pre-validation catches errors before Nova Post API
⚠ Each platform is different
→
Platform-agnostic backend, only frontend adapts
⚠ Need for bulk operations
→
Bulk creation + merged PDF labels in one click
Built for Scale: Multi-tenant isolation | JWT security | Project token auth | Failed shipment retry | Auto status refresh
10
Onboarding — E-shop Admin
From Zero to Shipping — Same Day Setup
1
Register & Configure
Create account on dashboard, enter Nova Post API key and sender details
5 min
→
2
Install Extension
Install Chrome Extension, follow the instructions to verify and insert widget
2 min
→
3
Auto-Setup
Extension auto-detects store, installs widget, and verifies — no manual work
1 min
→
4
Done!
Widget live in checkout, start creating shipments immediately
same day
No coding skills needed · No server setup · No Shoptet API subscription
10b
Onboarding — Operator
Warehouse Staff — No Registration Needed
1
Get Access Code
E-shop admin generates an access code in dashboard and shares it
1 min
→
2
Install & Connect
Install Chrome Extension, enter access code — no account needed
2 min
→
3
Done!
Operator can create shipments and print labels right away
same day
No registration
No email, no password
Delegated access
Admin controls who has access
Revokable
Admin can disable code anytime
11
Daily Usage Flow
How the Merchant Works With Nova Post Every Day
Customer
Shop Owner
Biatec Connector
Nova Post
Picks Nova Post branch in checkout widget
Places order (branch ID saved)
Opens Shoptet admin — sees Nova Post orders
Clicks "Create Shipment"
Validates data, formats address & phone
Sends shipment request →
Creates shipment, returns tracking #
Clicks "Print Label"
Fetches PDF →
Returns label PDF
Auto-refreshes status →
Returns tracking data
12
Architecture
Integration Overview — Browser Layer + Server Layer
13
Roadmap
From Shoptet to the Entire CZ/SK Market
Phase 1 — NOW
Shoptet Chrome Extension
Live and production-ready. Auto-install wizard, operator access codes.
Phase 2
Customs Automation
HS code mapping, CN22/CN23 form generation for cross-border shipments.
Phase 3
Additional Platforms
WooCommerce and PrestaShop connectors using the same backend.
Phase 4
Advanced Features
• Biatec.cz: COD Transactions for your customer's accounting directly from the Shoptet.
• Garix.eu: Sanction list check as integrated and exclusive advantage for Nova Post clients.
The platform-agnostic backend means each new platform is only a thin frontend layer away.
14
Plan B — What If Google Rejects the Extension?
Three-Tier Contingency Strategy
Tier 1 — Adapt & Resubmit
- Adjust to Google's specific feedback
- No widget injection, admin-only data ops
- Proven, approvable pattern (see below)
Tier 2 — Dashboard CSV/XML Import
- Export orders → upload to dashboard
- No extension, no API fees, any browser
- Limit: tracking numbers can't sync back — manual entry
Tier 3 — Full Shoptet API
- Server-to-server, maximum stability
- Unlocks customs automation (HS codes)
- Rejection accelerates the roadmap, not kills it
Proven Precedents — Google-Approved Extensions Doing What We Do
| Feature | Ali2Woo | DSers (80k+ installs) | WooCommerce AliExpress | Biatec Connectura |
|---|---|---|---|---|
| Purpose | AliExpress → WooCommerce product import & fulfillment | AliExpress → Shopify/Woo product import & order sync | Bulk product import from AliExpress to WooCommerce | Shoptet → Nova Post shipment creation & tracking |
| Injects UI | "Add to store" button on AliExpress | "Add to DSers" button on AliExpress | Import controls on product pages | Nova Post column in Shoptet admin |
| Reads DOM data | Products, prices, variants | Product details, shipping options | Products, images, categories | Order name, address, phone |
| Sends via API | To WooCommerce store | To DSers → Shopify/Woo | To WordPress/WooCommerce | To Biatec → Nova Post |
| Syncs data back | Fulfillment status | Tracking numbers | Stock & order status | Tracking number → Shoptet |
| Chrome Web Store | Approved | Approved | Approved | Pending submission |
Our extension follows the identical technical pattern as established, Google-approved e-commerce extensions with tens of thousands of users.
15
Plan B — Shipment Management Outside Shoptet Using API
Less Data, More Automation, Better Compliance
How It Works
- Shoptet API → read order in real time → send to Nova Post → store only tracking number
- No need to store recipient address, phone, or email — fetched on demand
- Server-to-server — no browser extension needed
Customs Automation
- Product data from Shoptet API → automatic HS code classification (TARIC database + AI)
- CN22/CN23 customs declaration generated automatically
- HS code mapping shared across merchants (anonymized SKU → HS code database)
Print Bundle
- Invoice — fetched directly from Shoptet API (PDF)
- Customs declaration — generated by Biatec (CN22/CN23)
- Shipping label — from Nova Post API
- All three printed together in one click
| What We Store | What We Don't Store | GDPR Benefit |
|---|---|---|
| Order ID + tracking number | Recipient name, address, phone, email | Minimal data footprint |
| Shipment status | Order contents, prices | No personal data at rest |
| HS code mappings (anonymized SKU → code) | Invoices — fetched live from Shoptet | Nothing to breach |
16
DOM Stability & Response Times
Two Independent Layers — Different Risk Profiles
| FE — Checkout Widget | Admin — Extension | |
|---|---|---|
| Who sees it | End customer | Merchant only |
| Complexity | Simple — 150 lines of code | Complex — 1,100 lines of code |
| Depends on | Shipping radio buttons, remark field | Order table structure, detail page HTML |
| If it breaks | Customer can't pick branch, but order still goes through | Merchant exports orders → imports on Biatec dashboard → processes → saves PDF |
| Fix estimate | 2–4 hours | 4 hours — 3 days |
Detection
- Sentry error tracking — real-time alerts when something breaks
- Automated smoke tests — daily DOM structure check
Resilience
- Text-based selectors — resilient to CSS/class changes
- FE and Admin are fully independent — one can break without affecting the other
Why It's Not a Showstopper
- Customers never see admin-side issues
- Fallback: export orders → Biatec dashboard → process → PDF
- Same model as Ali2Woo & DSers — years of stable operation
- API integration (Phase 3) eliminates DOM dependency entirely
The extension is a convenience layer, not a single point of failure.
17
Privacy & Checkout Data
What We Access, What We Don't
| FE — Checkout Widget | Admin — Extension | |
|---|---|---|
| Reads | Shipping method ID, delivery country | Order name, phone, email, address |
| Writes | Branch selection → remark field | Tracking number → Shoptet order |
| Sends to server | Nothing — all stays in browser (localStorage) | Order data via HTTPS → Biatec → Nova Post API |
| Receives from server | — | Tracking number, shipment status, PDF label from Nova Post |
| Payment data | No access — payment on external gateway | No access |
Customer Data
- Widget never sends customer data to our servers
- Branch selection stored only in browser localStorage
Merchant Data
- Extension only processes data the merchant already has full access to
- All transfers over HTTPS
Never Collected
- Card numbers, CVV, payment credentials
- Passwords or login tokens
- Personal documents or IDs
18
Data Reliability & Order Safety
Read-Only Approach — Orders Are Never at Risk
1. Read
- Extension reads order from Shoptet
- Read-only — never modifies the original order
- Branch ID stored in remark field at checkout — editable by admin if customer requests a change
2. Send
- Data sent to Nova Post API via HTTPS
- Clear success/fail response per order
- Each order processed individually — one failure doesn't block others
3. Confirm
- Tracking number written back only after Nova Post confirms
- Shipment stored in DB only on success
- If anything fails → Retry button, no data lost
| Safety Guarantee | If Something Goes Wrong |
|---|---|
| Orders are never deleted in Shoptet — only tracking number is written back | Extension shows clear error message per order |
| Failed shipments can always be retried — zero data loss | Merchant clicks Retry or creates shipment manually |
| Duplicate protection — same order won't be shipped twice (unless admin requests a new shipment) | Internet glitch mid-request → order stays in Shoptet, ready to retry |
| All communication over HTTPS — encrypted in transit | Original order in Shoptet is always intact |
19
GDPR & Data Storage
What We Store, Where, and Why
| Data Category | What We Store | Retention |
|---|---|---|
| Merchant account | Login, email, name, company, address, tax ID, password (bcrypt hash) | Until account deletion |
| Project config | Shoptet ID, shop URL, sender address, Nova Post API key (encrypted at rest in production) | Until project removal |
| Shipments | Recipient name, phone, email, address, branch ID, tracking number, status | 12 months, then anonymized |
| Customer checkout | Branch selection in browser localStorage only — never sent to our server | Browser session |
| Never stored | Payment data, card numbers, passwords in plain text | — |
Infrastructure
- Hetzner — ISO 27001 certified, EU (Germany/Finland)
- PostgreSQL with encrypted connections
- All API communication over HTTPS
Legal Roles
- Merchant = Data Controller
- Biatec = Data Processor (DPA provided)
- Nova Post = Carrier — receives only shipping data
Compliance
- Right to erasure — data deletion on request
- Data minimization — we only store what shipping requires
- No cross-merchant data sharing
20
Security & Token Architecture
How We Keep Tokens Safe
Authentication
- Admin JWT — login/password, full project access, 30-day expiry
- Operator token — access code, single-project scope, no credentials needed
- Two roles, least-privilege principle
Token Isolation
- Stored in
chrome.storage.local— sandboxed by Chrome - API calls via background service worker — isolated process
- Web pages cannot access extension storage
Transport Security
- All communication over HTTPS
- Tokens never exposed to page DOM
- No tokens in URLs or query strings
| Attack Vector | Protection |
|---|---|
| Malicious script on Shoptet page | Cannot access chrome.storage — sandboxed by Chrome architecture |
| Other browser extensions | Cannot read another extension's storage — Chrome enforces strict isolation |
| Network interception (MITM) | HTTPS encryption on all API calls — tokens encrypted in transit |
| Token theft from device | 30-day JWT expiry, operator tokens scoped to single project — limited blast radius |
21
Support & Monitoring
How We Know When Something Goes Wrong
Error Tracking
- Sentry integration in extension & backend
- Real-time alerts when errors spike
- Full stack trace — pinpoints exact line of failure
Proactive Monitoring
- Automated smoke tests — daily DOM structure check on Shoptet
- Uptime monitoring — API health check every 5 minutes
- Nova Post widget versioning — monitor for new versions, verify compatibility on each update
Merchant-Side Visibility
- Extension shows clear status per order (success / error / retry)
- Version check — extension notifies merchant of available updates
- Setup wizard validates configuration step by step
| Layer | Tool | Detection Time | Response |
|---|---|---|---|
| Backend API | Uptime monitor + Sentry | Minutes | Auto-alert → immediate investigation |
| Extension (Admin) | Sentry error tracking | Minutes | Error report with context → targeted fix |
| Widget (Checkout) | Sentry + smoke test | Hours (daily check) | DOM change detected → fix deployed same day |
| Shoptet DOM change | Automated smoke test | Within 24 hours | Proactive fix before merchants notice |
22
Platform Compliance & Shoptet Relationship
Using Standard Platform Features, Not Workarounds
Current Approach
- Widget uses Shoptet's built-in HTML code feature — official, documented functionality
- Same mechanism used by Google Analytics, Hotjar, chat widgets, and hundreds of integrations
- Merchant controls their own admin — extension is a browser-side productivity tool
Risk Mitigation
- Official Shoptet API integration path available — zero platform friction
- Extension is a convenience layer, not a dependency
- If Shoptet changes policy, merchant switches to API-based flow — no service interruption
Nova Post Protection
- Biatec is the integration partner — not Nova Post
- All legal and technical responsibility sits with Biatec
- Nova Post's brand and reputation are never at risk
| Concern | Our Position |
|---|---|
| Bypassing Shoptet's marketplace? | We use the same HTML code injection that Shoptet provides to all merchants — it's a standard feature, not a bypass |
| What if Shoptet sends a C&D? | Biatec absorbs any legal responsibility. Migration to official Shoptet API is ready as a fallback — seamless transition |
| Could this damage Nova Post? | Nova Post is the carrier, not the integrator. Biatec is the contractual partner — Nova Post's brand stays clean |
| Long-term sustainability? | API integration (Phase 3) eliminates any platform dependency — the extension is a fast-start tool, not the endgame |
Key message: We don't bypass Shoptet — we use standard platform features available to every merchant.
Key message: We don't depend on any single channel — we have alternative solutions ready for any scenario.
23
What If Shoptet Blocks Our Integration?
Contingency Plan for Every Technical Restriction
| Scenario | Likelihood | Impact | Our Response |
|---|---|---|---|
| Shoptet blocks our domain | Low — Shoptet would have to target us specifically | Checkout widget stops loading | Negotiate with Shoptet. Ask merchants to request Shoptet to allow the widget. |
| Shoptet adds strict CSP | Very low — would break Google Analytics, Hotjar, and thousands of eshops | External scripts & iframes blocked on checkout — branch picker won't load | Disable branch delivery, keep address-only. Or: link to external branch picker, customer enters branch ID manually. Merchants lobby Shoptet to whitelist Nova Post widget. |
| Shoptet removes HTML code feature | Very low — core feature used by majority of merchants | No place to inject widget loader | Extension injects widget directly — or switch to API integration |
| Shoptet blocks extension entirely | Near zero — technically impossible without blocking all Chrome extensions | Admin extension cannot modify pages | Dashboard CSV import (Tier 2) + API integration (Tier 3) — fully independent of Shoptet frontend |
CSP Workarounds
- Admin extension still works — Chrome extensions bypass CSP for DOM access
- Checkout: fallback to address-only delivery or external branch picker link
- Merchants request Shoptet to whitelist Nova Post widget domain
Domain Independence
- Widget is a static JS file — can be hosted on any domain or CDN
- Domain switch requires only updating the loader snippet — no code changes
Nuclear Option
- If all browser-side approaches fail, API integration runs entirely server-to-server
- Shoptet has zero control over what happens outside their platform
- Near-zero risk that Shoptet would block the checkout branch picker widget — it would hurt their own merchants
24
Plan A vs Plan B — Summary
Both plans use the checkout widget for branch selection on the frontend
Plan A — Chrome Extension
Advantages:
- Proven solution — validated in MVP
- Everything in one place — merchant stays in Shoptet admin
- No paid API required
Disadvantages:
- Sensitive to Shoptet DOM changes (1–2x per year)
- Requires Google Chrome Web Store approval (~2 weeks from finalization)
- PDFs not stored in Shoptet
- No customs declaration support
Typical Client:
- Low-volume Nova Post shipments
- Small / medium eshop without Shoptet API
Plan B — Biatec Dashboard + Shoptet & Nova Post API
Advantages:
- Standard API integration — robust and maintainable
- Resilient to Shoptet DOM changes
- No Google approval needed
- Faster deployment for first clients (~5 days)
- Optional: temporary PDF storage for labels & customs documents
- Extensible: customs declarations, automated HS code suggestions
Disadvantages:
- Merchant uses a separate application for shipments
- Requires paid Shoptet API
Typical Client:
- Higher-volume Nova Post shipments
- Larger eshop with Shoptet API
- Tariff: Shoptet Premium, from 12 000 CZK / month
Available in Both Plans
- Garix.eu sanction list check
- COD transaction exports for accounting software (SK & CZ)