← back to dola tech
▸ legal · shopify-addendum

Shopify App Privacy Addendum

Last updated: 4 May 2026 · Dola Tech Limited · Company No. 17163542

This addendum applies when we develop or operate Shopify apps that process Protected Customer Data (PCD).

Scope

We process the minimum PCD necessary to deliver the merchant-requested functionality, in line with Shopify's Protected Customer Data requirements.

Purpose limitation

PCD is used only for the documented purpose; no profiling, no resale, no secondary use.

Retention & deletion

Within 48 hours of app uninstall (or merchant request), we purge all PCD from production and trigger backup expiry within 30 days.

Sub-processors

Limited to those listed in the Sub-processor list, all bound by equivalent obligations.

Security

TLS 1.3 in transit, AES-256 at rest, RBAC, audit logs, annual access review.

Breach

Notification to the merchant within 72 hours of becoming aware, with impact, scope and remediation.

Questions? care@dolatech.co.uk · 20 Wenlock Road, London, England, N1 7GU