Privacy Policy — GPSR Compliance

Last updated: 15 June 2026

GPSR Compliance (“the App”) helps Shopify merchants add the product safety information required by the EU General Product Safety Regulation (GPSR) to their store. This policy explains what data the App accesses and stores.

Data we access

• Store information — your store name and domain, to operate the App.
• Product data — product titles and product metafields, to read and write GPSR safety information (manufacturer, EU Responsible Person, importer, traceability, warnings).

The App does not access, collect, or store any customer personal data, orders, or payment information.

Data we store

• The GPSR default details you enter (manufacturer, EU Responsible Person, importer, safety warnings) and your settings.
• A change history (audit log) of compliance actions performed in the App.
• Your Shopify session token, to keep the App connected.

How we use it

Data is used solely to provide the App’s functionality — displaying and managing GPSR information on your products. We do not sell or share your data with third parties for marketing.

Data retention & deletion

When you uninstall the App, your data is deleted automatically within 48 hours (via Shopify’s mandatory shop redaction webhook). You may also request deletion at any time by contacting us.

Your rights (GDPR)

You can request access to, correction of, or deletion of your data. We respond to Shopify’s data-request and redaction webhooks and to direct requests.

Contact

For privacy questions, contact: privacy@gemsprings.com