Legal · Effective May 1, 2026

Data Processing Addendum

The terms governing Shopppio's processing of personal data on behalf of merchants.

Template notice. This document is a placeholder for the open beta. Adapt with your legal counsel before relying on it for production use.

1. Scope

This Data Processing Addendum ("DPA") forms part of the Terms when Shopppio processes Personal Data on behalf of the Customer as Processor.

2. Definitions

"Personal Data", "Processing", "Controller", "Processor" and "Data Subject" have the meanings given in applicable data protection law.

3. Processing details

Subject-matter, duration, nature, purpose, categories of data subjects and personal data are described in the Service Order.

4. Customer instructions

Shopppio processes Personal Data only on documented instructions of the Customer.

5. Confidentiality

People authorised to process Personal Data are bound by appropriate confidentiality obligations.

6. Security measures

Encryption in transit (TLS), encryption at rest via the hosting provider, least-privilege access, audit logging.

7. Sub-processors

Customer authorises the engagement of the sub-processors listed above. Shopppio will notify Customer of any addition or replacement (30-day objection right).

Sub-processorServiceLocation
Google CloudHosting, database, storageGoogle Cloud regions
StripeCard processingRazorpay (India / global)
CloudflareEmailTBD — see updated list
Sentrymarketing.legal.dpa.subprocessors.rows.3.servicemarketing.legal.dpa.subprocessors.rows.3.location
Segmentmarketing.legal.dpa.subprocessors.rows.4.servicemarketing.legal.dpa.subprocessors.rows.4.location
Twiliomarketing.legal.dpa.subprocessors.rows.5.servicemarketing.legal.dpa.subprocessors.rows.5.location
Postmarkmarketing.legal.dpa.subprocessors.rows.6.servicemarketing.legal.dpa.subprocessors.rows.6.location

8. Data Subject rights

Shopppio will assist Customer in fulfilling requests by Data Subjects to exercise rights under applicable data protection law.

9. Personal Data Breach notification

Shopppio will notify Customer without undue delay of becoming aware of a Personal Data Breach.

10. International transfers

Transfers are governed by appropriate safeguards under applicable law.

11. Audits

Customer may audit Shopppio's compliance on reasonable notice, subject to standard confidentiality.

12. Return & deletion

On termination, Shopppio will delete or return Personal Data within 60 days unless retention is required by law.

Questions? Email legal@shopppio.com.