Privacy Policy
Address Guardian
Last updated: [Date]
1. Introduction
This Privacy Policy explains how [COMPANY_NAME] (“[COMPANY_SHORT]”, “we”, “us”, “our”), operating the Address Guardian application (“App”), collects, uses, stores, and protects personal data when merchants install and use the App through the Shopify platform.
Address Guardian is a Shopify application that validates shipping addresses on orders to help merchants reduce failed deliveries, returns, and shipping costs.
Data Controller:
[COMPANY_NAME]
[COMPANY_ADDRESS]
[COUNTRY]
Contact: privacy@addressguardian.app
2. Scope
This policy applies to:
- Merchants who install and configure Address Guardian on their Shopify store.
- Customers whose order data (shipping addresses, email addresses, phone numbers) is processed through the App.
This policy does not cover data practices of Shopify Inc. or any third-party services beyond our direct integration. Please refer to Shopify's own privacy policy for their data handling practices.
3. Data We Collect
3.1 Merchant Data
When a merchant installs Address Guardian, we collect and store:
| Data | Source | Purpose |
|---|---|---|
| Shop name and domain | Shopify OAuth | App functionality, billing |
| Merchant email address | Shopify OAuth | Account identification, support |
| OAuth access token | Shopify OAuth | API access to merchant's store |
| App configuration settings | Merchant input | Customization preferences |
3.2 Customer Data (Order Data)
When an order is placed on a merchant's store, Address Guardian processes:
| Data | Source | Purpose |
|---|---|---|
| Customer name | Shopify order | Display in dashboard, correction emails |
| Customer email address | Shopify order | Correction email delivery (if enabled) |
| Shipping address (street, city, province, zip, country) | Shopify order | Address validation |
| Phone number | Shopify order | Phone validation (if enabled) |
| Order number and ID | Shopify order | Order identification, tagging |
| Payment method type | Shopify order | Express checkout detection |
3.3 Validation Results
When an address is validated, we store:
| Data | Purpose | Retention |
|---|---|---|
| Original address as entered | Comparison display | 90 days |
| Suggested corrected address | Correction workflow | 90 days |
| Validation status and match score | Dashboard analytics | 90 days |
| API response from validation provider | Debugging | 30 days |
3.4 Data We Do Not Collect
- Payment card details or financial information
- Customer passwords or authentication credentials
- Browsing history or tracking cookies
- Customer purchase history beyond order reference numbers
- Social media profiles or demographic data
4. How We Use Data
We use personal data exclusively for the following purposes:
- Address validation — Verifying shipping addresses against postal databases to detect errors.
- Email validation — Checking email format, domain validity, and detecting disposable or mistyped addresses.
- Phone validation — Verifying phone number format and validity.
- Correction notifications — Sending emails to customers with suggested address corrections (merchant opt-in only).
- Order management — Tagging orders in Shopify with validation status, updating corrected addresses.
- Merchant dashboard — Displaying validation results, analytics, and trends to the merchant.
- Billing — Recording validation usage for billing purposes.
We do not use customer data for marketing, advertising, profiling, or any purpose unrelated to address validation.
5. Third-Party Data Sharing
We share personal data with the following third-party processors, solely for the purposes described:
5.1 Loqate (GBG Group plc)
- Data shared: Shipping address fields (street, city, province, zip, country code).
- Purpose: Address verification and correction.
- No customer names or emails are sent to Loqate.
- Data processing location: Loqate operates globally. See Loqate's privacy policy.
5.2 Resend (Resend Inc.)
- Data shared: Customer email address, order number, original and suggested addresses.
- Purpose: Delivering correction notification emails to customers.
- Only used when: The merchant has enabled email notifications.
- Data processing location: United States. See Resend's privacy policy.
5.3 Google Cloud Platform (Google LLC)
- Data shared: All application data is hosted on Google Cloud Platform.
- Purpose: Application hosting, database storage, webhook delivery.
- Data processing location: us-east1 (South Carolina, USA).
- Certifications: SOC 2 and ISO 27001; GDPR compliant. See Google Cloud's privacy policy.
5.4 Shopify (Shopify Inc.)
- Data shared: Order tags, shipping address updates, billing usage records.
- Purpose: Order management, address corrections, app billing.
- Data flows bidirectionally between Shopify and Address Guardian via authenticated APIs.
We do not sell, rent, or trade personal data to any third party. We do not share data with data brokers, advertising networks, or analytics platforms.
6. Data Retention
We retain personal data for the minimum period necessary to provide our services:
| Data Type | Retention Period | After Retention |
|---|---|---|
| Customer address data (original and suggested) | 90 days from order date | Automatically redacted |
| Customer name and email in validation records | 90 days from order date | Automatically redacted |
| API response data (Loqate) | 30 days from validation | Automatically deleted |
| Email notification records | 90 days from send date | Automatically deleted |
| Email validation records | 90 days from validation | Automatically deleted |
| Phone validation records | 90 days from validation | Automatically deleted |
| Merchant account data | Until app uninstall + 30 days | Hard deleted via Shopify webhook |
| OAuth session data | Automatic expiry (Shopify TTL) | Automatically deleted |
| Billing and usage records | As required by tax law | Retained per legal obligation |
After the retention period, personal data fields are overwritten with “[redacted]” or the entire record is deleted. This process runs automatically.
7. Data Security
We implement appropriate technical and organizational measures to protect personal data:
- Encryption in transit: All data transmitted between the App, Shopify, and third-party services uses TLS 1.2 or higher.
- Encryption at rest: Database storage is encrypted using Google Cloud's default encryption (AES-256).
- Access control: API access is authenticated via Shopify OAuth tokens and HMAC signature verification.
- Webhook security: Shopify webhooks are delivered via Google Cloud Pub/Sub with OIDC token verification.
- No client-side exposure: Validation API keys are never exposed to the storefront or customer browsers. All API calls route through our backend.
- Minimal data collection: We only collect data necessary for address validation. No extraneous customer data is stored.
8. Legal Basis for Processing (GDPR)
For merchants and customers in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:
| Processing Activity | Legal Basis (GDPR Art. 6) |
|---|---|
| Address validation on orders | Legitimate interest of the merchant (reducing failed deliveries) |
| Email/phone validation | Legitimate interest of the merchant |
| Correction email notifications | Legitimate interest (merchant opt-in, customer benefit) |
| Order tagging and management | Performance of contract (merchant-App agreement) |
| Billing and usage tracking | Performance of contract |
| Analytics and dashboard | Legitimate interest of the merchant |
The merchant is the data controller for their customers' personal data. [COMPANY_SHORT] acts as a data processor on behalf of the merchant. See Section 12 (Data Processing Terms) for details.
9. Your Rights (Data Subjects)
9.1 Customer Rights
If you are a customer whose data has been processed through Address Guardian, you have the following rights under GDPR, CCPA, and applicable data protection laws:
- Right of access — Request a copy of your personal data.
- Right to rectification — Request correction of inaccurate data.
- Right to erasure — Request deletion of your personal data.
- Right to restrict processing — Request limitation of data processing.
- Right to data portability — Receive your data in a structured format.
- Right to object — Object to processing based on legitimate interest.
How to exercise your rights: Contact the merchant (store owner) who installed Address Guardian. The merchant is the data controller for your order data and will relay deletion or access requests to us.
You may also contact us directly at privacy@addressguardian.app.
9.2 Merchant Rights
Merchants can:
- Access all validation data through the App dashboard.
- Delete their account and all associated data by uninstalling the App.
- Export validation data from the dashboard.
- Configure data processing (enable/disable email notifications, phone validation, etc.).
10. Shopify GDPR Compliance
Address Guardian implements all mandatory Shopify GDPR webhooks:
- customers/data_request — When a customer requests their data, we compile and return all records associated with their email address.
- customers/redact — When a customer requests deletion, we redact all personal data fields in our database for that customer.
- shop/redact — When a merchant's data must be erased (48 hours after uninstall), we permanently delete the entire shop record and all associated data.
11. California Consumer Privacy Act (CCPA)
For California residents:
- We do not sell personal information.
- We do not share personal information for cross-context behavioral advertising.
- We collect the categories of personal information described in Section 3, used solely for the business purposes described in Section 4.
- California residents may exercise their rights under CCPA by contacting privacy@addressguardian.app.
12. Data Processing Terms
This section constitutes a Data Processing Agreement (DPA) between [COMPANY_SHORT] (processor) and the merchant (controller), as required by GDPR Article 28.
12.1 Scope and Purpose
[COMPANY_SHORT] processes personal data on behalf of the merchant solely for the purpose of providing address validation services as described in this privacy policy.
12.2 Processor Obligations
[COMPANY_SHORT] shall:
- Process personal data only on documented instructions from the controller (merchant), as configured through the App settings.
- Ensure that persons authorized to process personal data have committed to confidentiality.
- Implement appropriate technical and organizational security measures (see Section 7).
- Not engage another processor without prior written authorization of the controller. Current sub-processors are listed in Section 5.
- Assist the controller in responding to data subject requests (Section 9).
- Delete or return all personal data to the controller after the end of the provision of services (upon app uninstall).
- Make available to the controller all information necessary to demonstrate compliance with GDPR Article 28 obligations.
12.3 Sub-Processors
The following sub-processors are authorized:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Loqate (GBG Group plc) | Address verification | Global |
| Resend Inc. | Email delivery | United States |
| Google Cloud Platform | Hosting and database | United States (us-east1) |
We will notify merchants of any intended changes to sub-processors via email or in-app notification, giving merchants the opportunity to object.
12.4 Data Breach Notification
In the event of a personal data breach, [COMPANY_SHORT] shall notify the affected merchant without undue delay and no later than 72 hours after becoming aware of the breach.
12.5 International Data Transfers
Customer data is stored on Google Cloud Platform in the United States (us-east1 region). For transfers of personal data from the EEA to the United States, we rely on:
- Google Cloud's Standard Contractual Clauses (SCCs) and EU-U.S. Data Privacy Framework certification.
- Resend's Standard Contractual Clauses for email delivery.
13. Children's Privacy
Address Guardian does not knowingly collect or process personal data from children under 16 years of age. The App processes order data from Shopify stores, which are operated by adults.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or in-app notification at least 30 days before changes take effect. The “Last Updated” date at the top of this policy indicates the most recent revision.
15. Contact Us
For privacy-related questions, data access requests, or complaints:
[COMPANY_NAME]
[COMPANY_ADDRESS]
[COUNTRY]
Email: privacy@addressguardian.app
Website: https://addressguardian.app
For unresolved complaints, EEA residents may contact their local data protection authority. A list of DPAs is available at edpb.europa.eu.
This privacy policy applies to the Address Guardian Shopify application. © 2026 [COMPANY_NAME]. All rights reserved.