Privacy Policy — GPSR Kit

Last updated: 5 July 2026

GPSR Kit (“the App”) helps Shopify merchants display product safety information required by the EU General Product Safety Regulation. This policy explains what data the App accesses, why, and how it is handled.

What we access

When you install the App, Shopify grants it access to your store’s products (read and write). The App uses this access solely to read product identifiers and titles, and to write GPSR safety metafields onto the products you choose. The App requests no access to customer records, orders, or payment data, and it does not read them.

What we store

The App stores the following on its own server:

The App does not collect, store, or process personal data belonging to your customers.

What we display to shoppers

The information you enter into a safety profile is displayed publicly on your storefront product pages via the App’s theme block. This is the intended purpose of the App and the disclosure GPSR requires.

Data sharing

We do not sell or share your data with third parties. Data is exchanged only between the App and Shopify’s APIs to provide the service.

Data retention and deletion

When you uninstall the App, it deletes your stored safety profiles, product associations, and session data in response to Shopify’s app-uninstalled webhook. The App also honours Shopify’s mandatory data-request, customer-redact, and shop-redact compliance webhooks; because the App holds no customer personal data, customer-redact requests return nothing to erase.

Contact

Questions about this policy or your data can be sent to support@magstudios.app.