Data Processing Agreement
Last updated: 27 May 2026
This agreement governs how e-comProfitAgent processes personal data on behalf of merchants who connect their Shopify store. It forms part of the e-comProfitAgent Terms of Service.
1. Parties
Processor: e-comProfitAgent (operated by Shaun Sadiq, shaun@e-comprofitagent.com)
Controller: The merchant connecting their Shopify store to the platform.
2. What We Process
- Customer transaction data: order value, products purchased, fulfilment method
- Anonymised customer behaviour: cohort identifiers, repeat purchase frequency, lifetime value segments
- Attribution data: anonymised conversion events via first-party tracking pixel
We do not process special category data (UK GDPR Article 9).
3. Your Obligations as Controller
- You have a lawful basis for sharing personal data with us
- You have provided appropriate privacy notices to your customers
- You will notify us promptly of any changes to processing instructions
4. Our Obligations as Processor
- Process data only on your documented instructions
- Implement appropriate technical and organisational security measures
- Not engage sub-processors without prior authorisation
- Assist you in responding to data subject rights requests
- Delete or return all personal data upon termination
5. Sub-processors
By accepting these terms you authorise us to use:
- Supabase Inc. — database and authentication (EU West, Ireland)
- Railway Corp. — backend infrastructure (EU West)
- Anthropic PBC — AI processing (data not retained for model training)
- Netlify Inc. — frontend hosting
- Stripe Inc. — payment processing
6. Security
- All data encrypted in transit (TLS 1.2+)
- Database access restricted to server-side service keys
- Rate limiting on all authentication endpoints
- Input sanitisation on all data inputs
- Regular security reviews
7. Data Breach Notification
In the event of a breach affecting your data, we will notify you within 48 hours and provide sufficient information for you to meet your ICO notification obligations (72-hour deadline).
8. Termination
- We will cease processing your data within 30 days of subscription termination
- We will delete or return all personal data within 60 days
- We will provide written confirmation of deletion upon request
9. Governing Law
This DPA is governed by the laws of England and Wales.
10. Acceptance
By connecting a Shopify store to e-comProfitAgent and accepting the Terms of Service, the Controller agrees to this Data Processing Agreement.
Contact: shaun@e-comprofitagent.com