Data Processing Agreement
Overview
This Data Processing Agreement ("DPA") applies when a Shopify merchant uses Cancevia to process end-customer withdrawal data on behalf of the merchant's store.
The merchant is the data controller. Cancevia acts as the data processor for withdrawal data processed through the app.
Version: June 2026. Cancevia is a technical workflow tool and does not provide legal advice.
How It Works
By installing or using Cancevia, and where available by accepting the DPA in the app settings, the merchant accepts this DPA electronically.
Cancevia may record the accepted DPA version, acceptance timestamp, shop domain, and accepting Shopify user or account email where available.
What the DPA Covers
- Subject matter and duration of processing tied to use of the Shopify app
- Types of personal data processed for withdrawal requests
- Merchant instructions and merchant responsibilities
- Technical and organisational security measures
- Approved subprocessors and change notices
- Assistance with data subject rights and Shopify privacy webhooks
- Data breach assistance, audit information, retention, export, and deletion
- International transfer safeguards where a provider operates outside the EU/EEA
Where Is Your Data Stored?
Primary application and database processing is designed around EU/EEA infrastructure:
- Database: Supabase PostgreSQL, Central EU / Frankfurt (
eu-central-1) - Application servers: Fly.io, Frankfurt (
fra) as primary region - Email delivery: Resend EU domain region, Ireland (
eu-west-1) - Error monitoring: Sentry EU region, Frankfurt, if enabled
- Shopify platform services: Shopify global infrastructure, governed by Shopify's platform and data processing terms
Some providers are headquartered outside the EU/EEA or operate global account and support systems. Where this involves a third-country transfer, Cancevia relies on appropriate safeguards such as adequacy decisions, EU Standard Contractual Clauses, EU-US Data Privacy Framework certification where applicable, or another lawful transfer mechanism.
For the full provider list, see Subprocessors.
Personal Data Processed
Cancevia may process customer email, optional customer name, order number, Shopify order identifiers, selected line items, withdrawal declaration text, optional reason, submitted locale, timestamps, status history, email delivery metadata, and hashed rate-limit identifiers.
The withdrawal workflow is designed not to request or store customer address, phone, payment method details, or customer account credentials.
Key Responsibilities
Cancevia processes withdrawal data only on documented merchant instructions, including app installation, app settings, workflow configuration, retention settings, deletion controls, exports, Shopify privacy webhook events, and written instructions sent to support@cancevia.com.
The merchant remains responsible for the legal basis, customer notices, store legal texts, withdrawal handling, retention requirements, refunds, returns, and customer communications.
Retention and Deletion
Merchants can delete withdrawal data from settings, export records where available, and configure retention where plan features allow.
On uninstall, Cancevia deletes Shopify sessions, rate-limit events, withdrawal records, merchant-edited customer content templates, and custom withdrawal reasons. Cancevia also makes a best-effort request to remove the Resend sender domain and clears local sender-domain configuration, then marks the shop inactive.
Unless a shorter product workflow applies, deletion after termination or uninstall is completed without undue delay and within 30 days, unless legal retention obligations, Shopify privacy processes, export requests, security investigations, or automatic deletion of already-expired data require otherwise.
Frequently Asked Questions
Do I need to sign the DPA separately?
No separate paper signature is required. The DPA is provided electronically and can be accepted through installation, continued use, or in-app confirmation where available.
Who is the controller and who is the processor?
The merchant is the controller for end-customer withdrawal data. Cancevia acts as processor for that data.
Does Cancevia handle Shopify privacy webhooks?
Yes. Cancevia implements customer data request, customer redaction, and shop redaction workflows required for Shopify App Store apps.
How will I be notified of subprocessor changes?
Material subprocessor changes are communicated by website update, email, or in-app notice at least 14 days before the change takes effect where required.
Related Documents
Privacy Policy · Subprocessors · Security · Terms of Service
References
Contact
Data protection questions can be sent to support@cancevia.com.