Privacy Policy — GPSR Kit
Last updated: 5 July 2026
GPSR Kit (“the App”) helps Shopify merchants display product safety information required by the EU General Product Safety Regulation. This policy explains what data the App accesses, why, and how it is handled.
What we access
When you install the App, Shopify grants it access to your store’s products (read and write). The App uses this access solely to read product identifiers and titles, and to write GPSR safety metafields onto the products you choose. The App requests no access to customer records, orders, or payment data, and it does not read them.
What we store
The App stores the following on its own server:
- Your store’s domain and an offline access token issued by Shopify, used to authenticate API requests.
- Safety profile data you enter — manufacturer and EU responsible-person contact details, warnings, pictogram selections, and document links. This is business compliance information, not personal data about your customers.
- The association between your products and the safety profiles assigned to them.
The App does not collect, store, or process personal data belonging to your customers.
What we display to shoppers
The information you enter into a safety profile is displayed publicly on your storefront product pages via the App’s theme block. This is the intended purpose of the App and the disclosure GPSR requires.
Data sharing
We do not sell or share your data with third parties. Data is exchanged only between the App and Shopify’s APIs to provide the service.
Data retention and deletion
When you uninstall the App, it deletes your stored safety profiles, product associations, and session data in response to Shopify’s app-uninstalled webhook. The App also honours Shopify’s mandatory data-request, customer-redact, and shop-redact compliance webhooks; because the App holds no customer personal data, customer-redact requests return nothing to erase.
Contact
Questions about this policy or your data can be sent to support@magstudios.app.