← Back to home

Data Processing Agreement

Last updated 2026-06-08

This Data Processing Agreement ("DPA") forms part of the agreement between Address Verifier ("we", "us", the "Processor") and the merchant who installs and uses the Address Verifier app (the "Merchant", the "Controller"). It governs how we process personal data relating to the Merchant's customers on the Merchant's behalf. It takes effect when the Merchant installs the app and applies for as long as we process that data. Where it conflicts with our general Terms, this DPA controls for data-protection matters.

1. Roles

The Merchant is the controller of its customers' personal data and decides why and how it is processed. We act solely as a processor, processing that data only to provide address verification, and only on the Merchant's documented instructions — of which installing and configuring the app is the primary instruction. We do not determine the purposes of processing and we do not sell personal data.

2. Scope of processing

Subject matter & purpose: verifying and correcting shipping addresses so orders are deliverable.

Duration: for the term of the Merchant's use of the app, plus the limited retention described in clause 6.

Categories of data subjects: the Merchant's customers and order recipients.

Types of personal data: shipping-address fields (street, city, postal code, region, country) and the order reference they belong to. Recipient name and phone are read transiently from the order solely to preserve them when writing a corrected address back to the order; they are not stored by us. We do not process customer email.

3. Our obligations

We will: (a) process personal data only on the Merchant's instructions and as needed to provide the service; (b) ensure people authorized to process the data are bound by confidentiality; (c) implement the technical and organizational measures in clause 5; (d) assist the Merchant, taking into account the nature of processing, in responding to data-subject requests and in meeting its security, breach-notification, and impact-assessment obligations; and (e) make available the information needed to demonstrate compliance with this DPA.

4. Subprocessors

The Merchant authorizes us to engage subprocessors to deliver the service. Each is bound by data-protection terms no less protective than this DPA. Our current subprocessors:

  • Shippo (US) — carrier address verification. Receives shipping-address fields only; no name, order, or store identity.
  • Hetzner (US region) — hosting of the application, database, and cache.
  • Cloudflare (US) — edge TLS, CDN, and DNS for our endpoints.
  • Shopify — the platform through which the app is installed and billed.

Our error-monitoring (Sentry) and performance-monitoring (New Relic) providers are configured not to receive personal data. We will give notice of any new or replacement subprocessor with a reasonable opportunity to object; the current list lives on this page.

5. Security measures

We maintain technical and organizational measures appropriate to the risk, including: encryption of data in transit and at rest; data minimization (the cache is keyed by a one-way hash of the address with no name, order, or store attached, and raw provider responses are never persisted); least-privilege access over a private admin network with strong authentication; access logging; separation of test and production data; pre-deployment backups; and a documented incident-response process. We process the minimum data the service requires.

6. Retention & deletion

Cached validation results expire automatically — 90 days for an address verified as deliverable, 30 days for one confirmed undeliverable, 7 days otherwise — and hold only the corrected address, never what the customer typed. On uninstall we delete the store's data, and we honor Shopify's customers/redact, shop/redact, and customers/data_request webhooks. On the Merchant's request we will delete or return personal data at the end of the service, save where retention is legally required.

7. International transfers

Where personal data is transferred outside the EEA/UK, the transfer relies on an approved safeguard — the Standard Contractual Clauses (and the UK Addendum) or an adequacy decision — which is incorporated into this DPA by reference for such transfers.

8. Personal-data breaches

We will notify the Merchant without undue delay after becoming aware of a personal-data breach affecting data processed under this DPA, with the information the Merchant needs to meet its own notification obligations. Our process is described in our internal incident-response policy.

9. Audit

On reasonable written request, and no more than once a year unless required by a supervisory authority, we will provide information reasonably necessary to demonstrate compliance with this DPA.

10. Contact

Data-protection questions and requests under this DPA go to [email protected]. See also our Privacy Policy.