Home / gdpr

GDPR Compliance

Roles

For your account data (email, order, intake) we are the controller. For your store's data — including your customers' personal data — we act strictly as your processor: it is copied from your source store to your destination store on your documented instruction (your order) and used for nothing else.

Lawful basis

Performance of a contract (Art. 6(1)(b)) for the migration itself; legitimate interest for minimal operational records.

Data subject rights

Access, rectification, erasure, portability and objection requests: support@shopify2shopify.pages.dev. Where a request concerns data in your stores, we will assist you as processor.

Retention

Migration working data and access tokens: deleted 30 days after completion (or sooner on request). Marketing consents migrate with their original state and timestamps preserved — customers are never opted in by the migration.

DPA

A signed Data Processing Agreement is available on request for EU/UK merchants.