GDPR Compliance

Last updated: February 15, 2026

1. Data We Collect

GreenCommerce processes the following data from your Shopify store to provide carbon emission tracking and analytics:

  • Order data: Order numbers, prices, shipping addresses (city and country only), shipping methods, and product weights
  • Product data: Product titles, SKUs, and weights
  • Shipping data: Carrier names, service levels, and shipping costs
  • Account data: Your email address and store domain

2. Legal Basis for Processing

We process your data based on the following legal bases under the GDPR:

  • Contract performance: Processing necessary to provide the carbon tracking service you subscribed to
  • Legitimate interest: Improving our service and providing aggregated sustainability insights
  • Consent: For optional features like AI insights and email reports, which you can enable or disable at any time

3. Data Retention

We retain your data for the following periods:

  • Active accounts: Data is retained while your account is active and the app is installed
  • After uninstall: Your access token is immediately revoked. All store data is deleted within 48 hours via Shopify's mandatory data deletion process
  • Billing records: Retained for 7 years as required by financial regulations

4. Your Rights

Under the GDPR, you have the following rights:

  • Right of access: Request a copy of all data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (also triggered automatically when you uninstall the app)
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interest

5. GDPR Webhooks

GreenCommerce supports all mandatory Shopify GDPR webhooks:

  • Customer data request: When a customer requests their data, we compile all order and emission records associated with them
  • Customer data erasure: When a customer requests deletion, we redact all personally identifiable information from their orders
  • Shop data erasure: When you uninstall the app, all merchant data is permanently deleted

6. Data Security

We protect your data with industry-standard security measures:

  • All data is transmitted over HTTPS with TLS encryption
  • Passwords hashed with bcrypt (12 salt rounds)
  • Shopify webhook signatures verified via HMAC-SHA256
  • OAuth state parameters validated to prevent CSRF attacks
  • Rate limiting on authentication endpoints
  • Session-based access control on all API endpoints

7. Contact

For GDPR-related inquiries or to exercise your rights, contact us at: privacy@greencommerce.io