Legal

Data Processing Addendum

This addendum describes how Vaestic processes merchant app data when providing Shopify apps.

Parties And Roles

The Shopify merchant is the controller of personal data processed through the merchant's store and app configuration. Vaestic acts as a processor when it processes personal data on the merchant's instructions to provide, maintain, support, and secure Vaestic apps.

For privacy questions, contact privacy@vaestic.com. For app support, contact support@vaestic.com.

Subject Matter And Duration

The subject matter is the provision of Vaestic Shopify apps, including installation, authentication, app settings, billing state, support, troubleshooting, security, and mandatory Shopify compliance webhooks.

Processing lasts for the term of the merchant's app installation and for a limited period afterward when needed for legal, billing, support, security, or Shopify platform obligations. Shop data is deleted or anonymized after uninstall according to Shopify privacy webhook requirements and Vaestic's retention practices.

Nature And Purpose Of Processing

Vaestic processes data to provide app functionality, store app settings, authenticate app access, confirm billing state through Shopify, respond to support requests, maintain service reliability, prevent abuse, and comply with Shopify platform requirements.

Data Categories

Data categories may include Shopify shop identifiers, app installation state, app configuration, billing status, technical logs, webhook metadata, support messages, and product or variant availability data needed for app functionality.

Vaestic: Hide Sold Variants is designed to use shop identification, installation state, settings, billing status, and product/variant availability data. It does not need checkout, cart, discount, loyalty, payment, or customer-account login data for its core function.

Data Subjects

Data subjects may include merchant staff who install or configure the app, support contacts, and shoppers only if Shopify compliance webhooks or support messages include shopper-related information.

Merchant Instructions

Vaestic processes data according to the merchant's use of the app, Shopify platform flows, app settings, support requests, and applicable legal obligations. Vaestic will not sell merchant or customer data.

Security Measures

Vaestic uses reasonable technical and organizational safeguards, including HTTPS, access controls, secret management, encrypted token storage boundaries, webhook signature verification, limited data retention, and provider access limited to what is needed to operate the service.

Subprocessors

Vaestic may use service providers for hosting, database, error monitoring, support inbox, uptime monitoring, domain/DNS, and email. The current provider list is published at /legal/subprocessors.html and updated when providers materially change.

Data Subject Requests And Deletion

Vaestic assists merchants with privacy requests related to Vaestic apps. Shopify privacy webhooks for customer data requests, customer redaction, and shop redaction are authenticated before processing. Valid requests are accepted quickly and handled according to the app's data model and Shopify requirements.

International Transfers

If app data is transferred internationally, Vaestic will use appropriate safeguards required by applicable law where needed. Specific transfer mechanisms and provider regions should be confirmed before production launch.

Return Or Deletion

After app uninstall or termination, Vaestic deletes or anonymizes app data when it is no longer needed for legal, billing, security, support, or Shopify platform obligations.

Contact

For privacy questions about this addendum, contact privacy@vaestic.com. For app support questions, contact support@vaestic.com.

Last updated: July 5, 2026.