Privacy Policy — GPSR Shield

Last updated: June 5, 2026

Who we are

GPSR Shield (“the App”, “we”, “us”) is a Shopify app operated by Chao Li, trading as “GPSR Shield”, contactable at gpsr.support@gmail.com. This policy explains what data the App accesses and stores when you install it on your Shopify store.

Data we access

To provide its features, the App accesses the following from your Shopify store via the Shopify Admin API (scopes: write_products, write_metaobjects, write_metaobject_definitions):

• Products — titles, handles, status, vendor, product type, tags, images and product metafields, so we can list products and attach compliance information.
• Metaobjects & metafields — we create and manage compliance data (manufacturers, EU responsible persons, safety templates, compliance profiles and document links) as Shopify metaobjects/metafields inside your store.

We do not access, request or store your customers’ personal data (names, emails, addresses, orders, payment information).

Data we store

The App stores the minimum needed to operate, on our hosting infrastructure:

• Session records — the access token and shop domain Shopify issues so the App can call the Admin API on your behalf.
• Auto-bind rules — the matching rules you configure (tag/vendor/product type → compliance profile).

All of your actual compliance content (manufacturers, profiles, safety warnings, documents, product bindings) is stored in your own Shopify store, not on our servers.

How we use data

We use the data solely to provide the App’s features (displaying compliance information on your product pages, bulk binding, auto-bind rules, dashboard, import/export). We do not sell data or use it for advertising.

Subprocessors / third parties

• Shopify — the platform your store and our App run on.
• Fly.io — hosts the App server and database.

Data retention and deletion

• When you uninstall the App, we delete the session records for your store.
• We honor Shopify’s GDPR webhooks:
  • customers/data_request / customers/redact — we store no customer data, so there is nothing to return or erase.
  • shop/redact (sent ~48 hours after uninstall) — we delete all remaining data we hold for your shop (sessions and auto-bind rules).
• Compliance content stored in your Shopify store is owned and controlled by you.

Your rights

If you are in the EU/EEA or UK, you have rights to access, correct, delete or restrict processing of personal data. Since the App stores only merchant operational data (no end-consumer personal data), requests typically concern the merchant account; contact us at gpsr.support@gmail.com.

Changes

We may update this policy; the “last updated” date will change. Material changes will be communicated through the App or the App Store listing.

Contact

Chao Li (trading as “GPSR Shield”)
gpsr.support@gmail.com
Shenzhen, China