Install on Shopify

Data Processing Agreement

Last updated: July 2026 · Takes effect with the public launch of Collaudo.

This page summarises the DPA between you and WMIE. The signed agreement is the binding document; this is what it contains.

What the DPA covers

  • Roles. You (the merchant) are the data controller. WMIE is the data processor.
  • Scope and duration. Processing is limited to what your automations need and lasts as long as the app is installed.
  • Processing location. Your store data is processed in the EU.
  • Confidentiality. Anyone with access to store data is bound by confidentiality obligations.
  • Security measures. Technical and organisational measures appropriate to the risk, as GDPR Article 32 requires.
  • Sub-processors. We notify you before adding or replacing a sub-processor. A current list is available on request.
  • Deletion on termination. When you uninstall the app or terminate your account, we delete your data.
  • Audit support. We provide the information you need to demonstrate compliance, and we support audits.

EU data residency

Your store's automations run in an AWS environment in the EU. No transfer outside the EU is required for the service to operate.

Audit trail

Every automation that writes to your store produces a dry-run report, and every deployment records who approved it. These double as processing records you can hand to an auditor.

How to get it signed

A signed DPA is available on request on any paid plan.

Request the DPA

Related

For what data we process and the rights you have over it, read the Privacy Policy.