GDPR Compliance
Roles
For your account data (email, order, intake) we are the controller. For your store's data — including your customers' personal data — we act strictly as your processor: it is copied from your source store to your destination store on your documented instruction (your order) and used for nothing else.
Lawful basis
Performance of a contract (Art. 6(1)(b)) for the migration itself; legitimate interest for minimal operational records.
Data subject rights
Access, rectification, erasure, portability and objection requests: support@shopify2shopify.pages.dev. Where a request concerns data in your stores, we will assist you as processor.
Retention
Migration working data and access tokens: deleted 30 days after completion (or sooner on request). Marketing consents migrate with their original state and timestamps preserved — customers are never opted in by the migration.
DPA
A signed Data Processing Agreement is available on request for EU/UK merchants.