Privacy Policy for EPR Insights
Last Updated: August 5, 2025
1. Introduction
EPR Insights ("we", "us", "our") is committed to protecting the privacy and security of the data of Shopify merchants ("Merchants") and their end customers ("Customers"). This Privacy Policy explains what information we collect, how we use it, with whom we share it, and your rights regarding that information.
By installing or using our Shopify app, you agree to the collection and use of information in accordance with this Policy.
2. Data Controller
EPR Insights is the data controller for all personal data described herein. If you have questions or wish to exercise your data privacy rights, contact:
EPR Insights Support Team
Email: mae@eprinsights.com
3. Data We Collect
3.1 Shopify-Hosted Data (via Gadget)
- Order Details: Products, quantity, SKU, price, packaging type, electronics flag.
- Product & Inventory Metadata: Variant title, SKU, inventory quantity, timestamps.
- Shop & Customer Metadata:
  - Customer names, email, phone, marketing consents
  - Customer tags, subscription status, order history
  - Shop domain, currency, locale, timestamps
3.2 Azure-Hosted Data
We store merchant representative details in Microsoft Azure:
- Full name
- Email address
- Country
- Phone number
- VAT number
- Postal address
4. Purpose & Legal Basis for Processing
- EPR Reporting: Distinguish B2B vs B2C orders and identify shipment destination country.
- App Functionality: Enable reporting features, improve performance, debug issues.
- Support & Compliance: Respond to merchant requests and legal obligations.
Legal bases: contract performance, legal obligation, and legitimate interests.
5. Data Sharing & Disclosure
5.1 Third-Party Service Providers
- Gadget: Backend orchestration and storage.
- Microsoft Azure: Infrastructure and security.
- Shopify: As required under Shopify Platform Terms and GDPR webhook process.
5.2 Legal Requirements
We may disclose personal data when legally required to do so (e.g., court orders, government requests).
6. Data Retention
- Transactional Data: Retained until the app is uninstalled or deletion is requested.
- Azure Data: Retained until account closure or deletion request.
Data deletion is processed promptly via Shopify GDPR Webhooks.
7. Security Measures
- Encryption in transit and at rest
- Role-based access with least privilege
- Compliance with Shopify and Azure security standards
8. Your Rights
Depending on local law, you may have rights to:
- Access, correct, or update personal data
- Request deletion or restriction
- Object to or withdraw consent
- Port your data
To exercise these rights, contact mae@eprinsights.com. Identity verification may be required.
9. International Data Transfers
We may store data outside your country using Azure. Transfers from the EEA follow Microsoft’s commitments and EU Standard Contractual Clauses (SCCs).
10. Changes to This Policy
We may update this Policy from time to time. We will notify merchants via email and update the "Last Updated" date at the top.
11. Contact Us
EPR Insights Privacy Team
Email: mae@eprinsights.com
Thank you for trusting EPR Insights with your data.