GDPR & data compliance

Shopify mandatory webhooks

Dashprep implements all three Shopify-mandated compliance webhooks:

• customers/data_request — when a merchant receives a GDPR data request from one of their customers, Shopify forwards it to Dashprep and we return any data we hold for that customer.
• customers/redact — when a merchant receives a delete-my-data request, we erase all orders and line items associated with that customer's email within our 30-day window.
• shop/redact — 48 hours after a merchant uninstalls Dashprep, Shopify sends this webhook and we erase every trace of their shop from our systems.

Data export requests

If you're a customer of a Shopify merchant that uses Dashprep, direct your request to the merchant. They can forward it to us through the mechanism above, and Shopify will route it to us automatically.

Data deletion requests

Same pathway — ask the merchant you shopped with. We act on the Shopify-forwarded request within the timeframe Shopify specifies.

Merchant uninstall

When you uninstall Dashprep from Shopify, we tear down your tenant immediately on the app/uninstalled webhook. That includes: orders, line items, products, collections, users, sessions, team member accounts, subdomain mapping, and charge history.

Hosting & sub-processors

• DigitalOcean — app hosting and managed Postgres database (US-based)
• Pusher — realtime message delivery to station screens
• Shopify — OAuth and webhook source of truth
• Resend — transactional email for lead forms on this site
• Vercel — hosting for this marketing site (no tenant data stored here)

Data transfers

Our infrastructure is primarily hosted in US data centers. If you operate in a jurisdiction with data-residency requirements that conflict with US hosting, reach out — we handle this case-by-case on Enterprise plans.

Contact

Data-protection questions: privacy@dash-prep.com.