← Back to ShipWeaver

ShipWeaver Data Processing Agreement (DPA)

Last Updated: March 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between the merchant installing the ShipWeaver application ("Merchant", "Controller") and ShipWeaver ("Processor", "we", "our", or "us").

This DPA applies to the processing of personal data, if any, performed by ShipWeaver in connection with the ShipWeaver Shopify application.

1. Roles of the Parties

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR):

  • The Merchant is the Data Controller
  • ShipWeaver acts as a Data Processor

ShipWeaver processes data only on behalf of the Merchant and solely for the purpose of providing the ShipWeaver application.

2. Nature and Purpose of Processing

ShipWeaver processes limited store configuration data necessary to operate delivery customization functionality within Shopify.

The processing includes:

  • storing merchant rule configurations
  • synchronizing delivery customization rules with Shopify APIs
  • maintaining Shopify authentication credentials required for app operation

ShipWeaver does not collect, store, or process customer personal data such as names, email addresses, phone numbers, or shipping addresses.

ShipWeaver may temporarily receive limited checkout context information from Shopify APIs (such as shipping method identifiers) solely to determine how shipping options should be displayed. This information is not stored.

3. Categories of Data

Data processed by ShipWeaver may include:

Merchant Data

  • Shopify shop domain
  • Shopify shop identifier
  • Authentication credentials
  • Rule configuration settings created by the merchant

Customer Data

ShipWeaver does not store customer personal data.

4. Processing Instructions

ShipWeaver processes data only according to:

  • instructions provided through the ShipWeaver application interface
  • Shopify API interactions required to operate the service
  • the Merchant's configuration of delivery customization rules

ShipWeaver will not process merchant data for advertising, profiling, or unrelated purposes.

5. Security Measures

ShipWeaver implements reasonable technical and organizational measures designed to protect merchant data, including:

  • encrypted HTTPS/TLS communication
  • secure storage of authentication credentials
  • restricted internal access controls
  • infrastructure protections including web application firewall and bot protection

6. Sub-processors

ShipWeaver uses trusted infrastructure providers to operate the service, including providers of cloud hosting, database services, and application infrastructure. These providers process data only to support the operation of the ShipWeaver application.

7. Data Retention and Deletion

Merchant data is retained only while the ShipWeaver application is installed.

Upon any of the following events:

  • merchant uninstalls the app
  • Shopify issues a shop/redact request
  • merchant requests deletion

ShipWeaver will permanently delete all associated merchant data.

8. Data Subject Requests

Because ShipWeaver does not store customer personal data, ShipWeaver typically has no customer data to provide or delete in response to data subject requests.

ShipWeaver supports Shopify's GDPR compliance webhooks including:

  • customers/data_request
  • customers/redact
  • shop/redact

9. International Data Transfers

ShipWeaver infrastructure providers may store data in multiple geographic regions, including the United States.

ShipWeaver relies on safeguards implemented by its infrastructure providers to support lawful data transfers.

10. Term

This DPA remains in effect for as long as the Merchant uses the ShipWeaver application.

Termination of the ShipWeaver service automatically terminates this DPA.

11. Related Documents

See also our Privacy Policy and Terms of Service.