Privacy Policy

The controller for the processing of personal data described in this Privacy Policy is LIRH ShopsApp GmbH, Rothenbaumchaussee 40, 20148 Hamburg, Germany, email info@shops-app.com. Registered with the Amtsgericht Hamburg, HRB 198139.

Data Protection Officer. ShopsApp currently falls below the §38 BDSG threshold for mandatory DPO designation (fewer than 20 persons regularly engaged in automated processing of personal data), so no Data Protection Officer has been designated. Data-protection enquiries, including data subject requests under Articles 15–22 GDPR, should be sent to info@shops-app.com. ShopsApp will reassess this designation as headcount approaches the statutory threshold.

This Privacy Policy applies to personal data processed through the ShopsApp website, merchant onboarding, account administration, customer support, and the use of ShopsApp services for taking and managing orders through digital and messaging-based channels.

Depending on the nature of the interaction with ShopsApp, the following categories of personal data may be processed:

• Contact data, such as name, email address, phone number, postal address, and business contact information.
• Account data, such as login credentials, account settings, merchant profile information, and user identifiers.
• Billing and transaction-related data, such as billing contact details, invoices, payment-related metadata, and tax information where required.
• Communications data, such as inquiries, support requests, and other correspondence sent by email, forms, or messaging channels.
• Order-related data, such as customer name, phone number, order content, delivery information, and status information processed through the ShopsApp service.
• Technical usage data, such as IP address, browser type, device information, pages viewed, timestamps, referring URLs, and system log data.
• Cookie and similar technology data, as described in the Cookies section below.

When a merchant connects a third-party messaging account to ShopsApp (a “Connected Platform”), ShopsApp receives and processes the following data from that platform on the merchant's behalf:

From Meta Platforms Ireland Limited (Instagram, WhatsApp Business):

• The merchant's Instagram Business Account ID and Instagram username.
• The merchant's Facebook Page ID and Facebook Page name.
• The Page-scoped access token Meta issues to ShopsApp so we can send messages on the merchant's behalf. Tokens are stored encrypted at rest using AES-256-GCM and are deleted within 24 hours of the merchant disconnecting the Connected Platform.
• For each end customer who messages the merchant via WhatsApp: the customer's phone number in E.164 format and the content of messages they send. Meta also includes the customer's WhatsApp display name in each webhook payload, but ShopsApp discards it at the dispatcher boundary by design — the phone number alone is sufficient for routing, and not storing the display name keeps the breach-notification radius narrow (data-minimisation principle, Art. 5(1)(c) GDPR).
• For each end customer who messages the merchant via Instagram: the customer's Instagram-scoped user ID (IGSID) and the content of messages they send. ShopsApp does not access the customer's Instagram username, display name, profile picture, follower list, or media library.
• Webhook events Meta delivers when a customer messages the merchant or interacts with a button or quick reply.

ShopsApp does not access followers, media libraries, direct-message threads with other accounts, insights / analytics data, or any data not directly tied to a customer conversation taking place through ShopsApp.

Where ShopsApp processes Connected Platform data on the merchant's behalf, ShopsApp acts as a processor under Article 28 of the General Data Protection Regulation. Meta processes the same data as a separate controller under its own platform terms.

Personal data may be processed for the following purposes:

• To provide, operate, maintain, and improve the ShopsApp website and platform.
• To create and manage merchant accounts and provide onboarding, support, and account administration.
• To facilitate order handling, customer communication, and related merchant service functions.
• To monitor service performance, maintain security, prevent misuse, and troubleshoot technical issues.
• To communicate with users regarding inquiries, service updates, administrative notices, and support matters.
• To comply with legal obligations, enforce contractual rights, and protect legitimate business interests.

Where the General Data Protection Regulation applies, ShopsApp processes personal data on one or more of the following legal bases:

• Consent, where a user has given consent for a specific processing activity (Art. 6(1)(a) GDPR).
• Performance of a contract, where processing is necessary to provide requested services or to take steps prior to entering into a contract (Art. 6(1)(b) GDPR).
• Compliance with legal obligations, where processing is necessary to satisfy applicable legal or regulatory requirements (Art. 6(1)(c) GDPR).
• Legitimate interests, where processing is necessary for the operation, protection, and improvement of ShopsApp's business and services, unless such interests are overridden by the rights and freedoms of the individual concerned (Art. 6(1)(f) GDPR).

ShopsApp may process personal data both as a controller and, in certain situations, as a processor acting on behalf of merchant customers. ShopsApp generally acts as controller for personal data processed in connection with its own website, merchant account administration, billing, support, compliance, and business operations. Where personal data of end customers is processed on behalf of a merchant through the ShopsApp platform, the merchant is the controller for that data and ShopsApp processes such data on the merchant's instructions, subject to applicable contractual arrangements.

ShopsApp relies on the following sub-processors to operate the service. Each is bound by a data-processing agreement (Art. 28 GDPR) and, where applicable, EU Standard Contractual Clauses.

ShopsApp does not sell personal data and does not share personal data with parties not listed above, except where compelled by law.

Most processing takes place within the European Economic Area (EEA): the database is hosted by Hetzner Online GmbH in Germany, and application traffic is served from Vercel's EU edge network where possible.

Where personal data is transferred to a sub-processor outside the EEA — specifically Vercel Inc. and Sentry in the USA — ShopsApp relies on the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) combined with supplementary technical measures (TLS in transit, AES-256-GCM at rest, role-based access controls). Where the recipient is certified under the EU-US Data Privacy Framework, ShopsApp additionally relies on that adequacy decision.

A copy of the Standard Contractual Clauses and the Transfer Impact Assessment is available on request at info@shops-app.com.

Where longer retention is required by law, contract, or legitimate business need, the relevant data may be retained for that period and then deleted or anonymised where appropriate.

ShopsApp uses cookies and similar technologies on its website and, where applicable, within its web-based platform to enable core functionality, maintain security, remember user preferences, analyse traffic, and improve the user experience. Essential cookies may be used to support basic functions such as page navigation, session management, form submission, fraud prevention, and secure access to account areas.

Where non-essential cookies or similar technologies are used for analytics, performance measurement, or marketing, ShopsApp will seek consent where required by applicable law before placing such technologies on a user's device. These technologies may include session cookies, persistent cookies, local storage, pixels, tags, and analytics tools, and they may collect technical data such as IP address, browser type, device information, pages visited, referring URLs, timestamps, and interactions with the website or platform.

Users may manage cookie preferences through the cookie banner or consent-management tool made available on the ShopsApp website, and they may also control or delete cookies through their browser settings. Disabling certain cookies may affect the availability or functionality of parts of the website or platform.

Subject to applicable law, individuals have the right to:

• Request access to personal data processed by ShopsApp.
• Request correction of inaccurate or incomplete personal data.
• Request deletion of personal data, subject to legal limitations.
• Request restriction of processing in certain circumstances.
• Receive personal data in a structured, commonly used, and machine-readable format, where applicable.
• Object to certain processing activities based on legitimate interests.
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

Individuals have the right to lodge a complaint with a competent data-protection supervisory authority. As ShopsApp is based in Hamburg, the competent authority is the Hamburg Commissioner for Data Protection and Freedom of Information (Hamburgischer Beauftragter für Datenschutz und Informationsfreiheit).

ShopsApp implements appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, alteration, disclosure, loss, or destruction:

• In transit: TLS 1.2+ on every network path, no HTTP fallback. HSTS preload enforced so even first visits are forced to HTTPS.
• At rest — field level: AES-256-GCM applied per record to sensitive integration tokens (Meta page-scoped access tokens, 360 Dialog API keys) and to end-customer message bodies. Per-record initialisation vector and authentication tag; encryption key held in environment variables outside the application database.
• At rest — volume level: All other data, including end-customer phone numbers and consent ledger evidence, is protected by full-volume AES-256 encryption at the storage layer (provider-managed). Phone numbers are kept in deterministic plaintext at the field level because they function as lookup keys, webhook routing identifiers, and consent-ledger correlation values — an industry-standard pattern across messaging-platform SaaS.
• Access controls: Role-based access (ADMIN / MARKETING / FINANCE / viewer) enforced on every API route handler; multi-brand isolation enforced by scoping every database query by merchant ID; session cookies are HttpOnly + Secure + SameSite=Lax.
• Audit logging: Every mutation of merchant or marketing data is recorded (append-only). Consent transitions (opt-in, opt-out, DOI confirmed, DOI declined) are recorded to a separate append-only ledger preserved beyond contact deletion as compliance evidence.
• Hardening: Database firewall + per-source rate limit + fail2ban on PostgreSQL auth failures; routine vulnerability scans of dependencies and platform images.

No system is guaranteed to be completely secure. The safeguards above are designed to reduce risk and to support a defensible incident-response posture should an unauthorised access event occur.

If you are an end customer who has interacted with a merchant via Instagram or WhatsApp and you want your conversation data deleted from ShopsApp's systems, email info@shops-app.com with the subject line “Data deletion request” and include:

• The platform you used (Instagram or WhatsApp).
• The username or phone number you used to contact the merchant.
• The merchant business name you interacted with (if known).

ShopsApp will delete the conversation data within 30 days and email confirmation to the sender. If matching records cannot be located, ShopsApp will say so within the same window.

Consent-evidence preservation. Where you have previously granted or withdrawn marketing consent on a connected platform (for example, via WhatsApp double opt-in or an opt-out keyword such as “STOP”), ShopsApp keeps the consent ledger entry in append-only form even after deleting the contact record itself. This is a deliberate design choice required by German competition law (UWG §7) and by Meta platform policy: the right to erasure under Article 17 GDPR does not extinguish the merchant's separate obligation to keep evidence of prior consent transitions for defensive audit-trail purposes. The phone number on those preserved ledger entries is the onlyidentifier retained; the contact's other data — message history, language preference, tags — is irrevocably removed.

This URL — https://office.shops-app.com/privacy#data-deletion — is registered with Meta as ShopsApp's data-deletion request URL per Meta's Platform Terms.

ShopsApp may update this Privacy Policy from time to time. The current version will be made available on the ShopsApp website and within the Back Office.

Questions regarding this Privacy Policy or the processing of personal data may be directed to: