Privacy Policy – EU Withdrawal Form (Shopify App)

Applies to: The Shopify app "EU Withdrawal Form" (App Store listing).
Last updated: March 2026

1. Data controller

The operator of the app (provider) is responsible for data processing under this app. Contact details and, where applicable, physical address can be found in the Shopify App Store listing for "EU Withdrawal Form" or in the app under settings / legal / the app website imprint.

2. What data is collected?

2.1 Data from merchants (shop owners)

Shop domain (e.g. your-shop.myshopify.com) – for association and technical processing
Settings you configure in the app (e.g. withdrawal period, email notifications, B2B tag, SMTP configuration on Plus)
Session data (OAuth) – for access to the app in Shopify Admin (token, shop identification)
Acceptance of legal texts (e.g. privacy policy, terms of service) including timestamp; IP address and User-Agent may be stored for a limited time (see retention)

This data is collected via Shopify APIs and through your use of the app.

2.2 Data from merchants' customers (end consumers)

The app processes data of customers who submit a withdrawal, on behalf of the merchant:

Email address of the customer
Order reference (order number, order ID where applicable)
Withdrawal details (e.g. reason, selected items for partial withdrawal)
IP address and User-Agent (optional, for a limited time – see retention)
Verification code/token (for email verification), stored in hashed form

This data is entered by the customer in the storefront form or captured technically (IP/User-Agent). The app also uses Shopify APIs (e.g. Orders, Fulfillments) to validate the order and process the withdrawal (cancellation, return).

The app does not use cookies or tracking technologies for end consumers for marketing or tracking. Technically necessary session/token data is used only for form processing and verification.

3. Purpose of processing

Processing withdrawals: Validating the order, calculating the withdrawal period, cancelling unfulfilled orders, creating returns for fulfilled items, sending emails to merchants and customers
Evidence and abuse prevention: IP/User-Agent (legal basis: legitimate interest, Art. 6(1)(f) GDPR)
Contract performance towards the merchant (providing the app, settings, dashboard, Pro/Plus features)
Compliance with legal obligations (e.g. responding to access and erasure requests via Shopify GDPR webhooks)

4. Retention

IP address and User-Agent (WithdrawalRequest, WithdrawalStatusAuditLog): Anonymized no later than 30 days after the withdrawal is completed (completed/rejected status). Automated cleanup job (recommended daily).
IP/User-Agent (LegalAcceptance): Anonymized 90 days after acceptance.
VerificationToken (email verification): Deleted on GDPR webhook customers/redact; otherwise expiry by expiration date.
Webhook logs: Payload cleaned after 30 days; old entries deleted after 90 days.
Withdrawal requests (WithdrawalRequest): Core data (order, email, status, timestamps) is kept for contract performance and the merchant's legal retention obligations; on customers/redact and shop/redact (Shopify GDPR webhooks), personal data is redacted or deleted.

Contract performance (Art. 6(1)(b) GDPR): Providing the app, processing withdrawals on behalf of the merchant.
Legitimate interest (Art. 6(1)(f) GDPR): Storing IP/User-Agent for a limited time (evidence, abuse prevention).
Legal obligation (Art. 6(1)(c) GDPR): Responding to access and erasure requests (GDPR webhooks, data export).

6. Storage location / processing

Processing takes place on servers of the app operator or the commissioned hosting provider. If the operator is established in the EU or uses EU servers, processing is within the EEA. Details can be requested from the app operator (contact see section 1).

7. Data subject rights

Data subjects (e.g. merchants' customers) have the right to:

Access (Art. 15 GDPR) – The app offers merchants an export of withdrawal data stored for a given email address (Privacy section in the app; JSON or CSV format). The merchant can include this export in their response to the data subject.
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR) – The app responds to Shopify GDPR webhooks customers/redact and shop/redact and redacts or deletes the related personal data (including WithdrawalStatusAuditLog).
Complaint to a supervisory authority (Art. 77 GDPR)

Note: Legal responsibility for data processing in the merchant's shop lies with the merchant. The app supports the merchant with technical and documentary means (export, webhook response, retention, privacy policy).

8. Further information

The terms of service and in-app privacy policy (short version) are shown in the app on first access and must be accepted.
For access requests (GDPR Art. 15), the Privacy section in the app with export function is available to the merchant.

This privacy policy serves as the publicly linkable Privacy Policy for the Shopify App Store. For questions, contact the app operator (see section 1).

1. Data controller​

2. What data is collected?​

2.1 Data from merchants (shop owners)​

2.2 Data from merchants' customers (end consumers)​

3. Purpose of processing​

4. Retention​

5. Legal basis (GDPR)​

6. Storage location / processing​

7. Data subject rights​

8. Further information​