Privacy Policy for Addressed
**Last Updated**: October 24, 2025
Introduction
Addressed ("we", "our", "the App") is a Shopify application that helps merchants request and collect corrected shipping addresses from their customers. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our App.
By installing and using Addressed, you (the "Merchant") agree to this Privacy Policy and authorize us to process customer data as described herein.
1. Information We Collect
1.1 Merchant Information
When you install the App, we collect:
**Shop Information**: Your Shopify store domain, shop name, and contact email
**OAuth Credentials**: Access tokens to interact with your Shopify store (stored securely)
**Configuration Settings**: Your preferences for email templates, detection criteria, and order tags
1.2 Protected Customer Data (Level 2)
To provide address correction functionality, we access and process the following customer information from your Shopify store:
**Customer Names**: First and last names
**Email Addresses**: Customer email addresses for sending correction requests
**Shipping Addresses**: Complete shipping address information including:
- Street address (line 1 and 2)
- City
- State/Province
- ZIP/Postal code
- Country
- Phone number (if provided)
**Order Information**: Order numbers and IDs for tracking purposes
1.3 Usage Data
We automatically collect:
**Request Metadata**: Timestamps of when address correction requests are created, sent, and completed
**Application Logs**: Error logs and system performance data (no personally identifiable information included)
2. How We Use Information
2.1 Purpose Limitation
We use the collected information **solely** for the following purposes:
**Address Correction**: To send secure email requests to customers and collect corrected shipping addresses
**Order Updates**: To automatically update shipping addresses in your Shopify orders after customer submission
**Merchant Dashboard**: To display address correction request status and statistics
**Email Delivery**: To send professional correction request emails on behalf of your store
**App Functionality**: To provide the core features of the App as described in our listing
2.2 Data Minimization
We collect **only the minimum data required** to provide address correction functionality. We do not:
Access customer payment information
Collect customer browsing history
Track customer behavior outside of address correction
Share customer data with third parties for marketing purposes
Use customer data for purposes unrelated to address correction
3. Data Storage and Security
3.1 Storage Location
Customer data is stored in secure PostgreSQL databases hosted on industry-standard cloud infrastructure with:
Encryption at rest and in transit (TLS 1.2+)
Regular security updates and patches
Access controls and authentication
Automated backups
3.2 Data Retention
We retain customer data according to the following schedule:
**Active Address Requests**: Stored while status is "pending" (maximum 7 days before expiration)
**Completed Requests**: Stored for 90 days after completion for record-keeping
**Automated Cleanup**: Expired and old requests are automatically deleted after 90 days
**Merchant Uninstall**: All data is deleted within 30 days of app uninstallation
3.3 Security Measures
We implement industry-standard security practices:
Secure token-based customer form access (no login required)
CSRF protection on OAuth flows
Encrypted database connections
Regular security audits
Principle of least privilege for data access
4. Data Sharing and Disclosure
4.1 Third-Party Services
We use the following third-party services to operate the App:
**Email Service (Resend)**: For sending address correction emails to customers
- Only customer email addresses and order information are shared
- Resend's privacy policy: https://resend.com/legal/privacy-policy
**Hosting Provider**: For secure database and application hosting
- Data is encrypted and access-controlled
- Complies with industry security standards
4.2 Legal Disclosure
We may disclose personal data if required by law, court order, or governmental request, or to:
Protect our legal rights
Prevent fraud or security threats
Comply with valid legal processes
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.
5. Customer Rights and Consent
5.1 Merchant Obligations
As the merchant, you are responsible for:
Obtaining customer consent to share their data with third-party apps (as required by your jurisdiction)
Informing customers about address correction requests
Providing customers with access to your own privacy policy
Complying with applicable data protection laws (GDPR, CCPA, etc.)
5.2 Customer Rights
Customers whose data we process have the right to:
**Access**: Request a copy of their personal data
**Correction**: Update incorrect information via the correction form
**Deletion**: Request deletion of their data by contacting the merchant
**Objection**: Opt out of address correction communications (by contacting the merchant)
Customers should direct privacy requests to the merchant, who can contact us for assistance.
6. Compliance with Data Protection Laws
6.1 GDPR (European Union)
If you serve EU customers, we:
Process data based on legitimate interest (fulfilling orders accurately)
Implement appropriate technical and organizational measures
Respect data subject rights (access, rectification, erasure, portability)
Maintain data processing agreements with sub-processors
6.2 CCPA (California)
For California residents:
We do not sell personal information
Customers can request disclosure of data collected
Customers can request deletion of their data
6.3 Other Jurisdictions
We comply with applicable privacy laws in all jurisdictions where the App is used.
7. Shopify-Specific Terms
7.1 Shopify API Terms
Our use of customer data is subject to:
Shopify API License and Terms of Use
Shopify Partner Program Agreement
Shopify Protected Customer Data Requirements (Level 2)
7.2 Data Access Approval
We have been approved by Shopify to access Level 2 Protected Customer Data (names, addresses, emails, phone numbers) for the sole purpose of facilitating address corrections.
8. Children's Privacy
The App is not intended for use by children under 16. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete it promptly.
9. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be:
Posted on this page with an updated "Last Updated" date
Communicated to merchants via email for material changes
Effective immediately upon posting
Continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact Information
For privacy-related questions, concerns, or requests, please use the support contact information provided in your Shopify admin or on the app listing page.
For data subject access requests or deletion requests, please contact us with:
Your full name
Email address associated with the request
Order number (if applicable)
Nature of your request
We will respond to privacy requests within 30 days.
11. Data Protection Officer
For EU-related privacy matters, please use the support contact information provided in your Shopify admin or on the app listing page.
---
Summary for Merchants
**What we collect**: Customer names, emails, shipping addresses, and order information
**Why we collect it**: To enable address correction functionality
**How long we keep it**: 90 days after completion, then deleted
**Who we share with**: Email service provider (Resend) only
**Your responsibilities**: Obtain customer consent, comply with local laws, inform customers
**Customer rights**: Access, correction, deletion, objection
By using Addressed, you confirm that you have the right to share customer data with us and that you comply with all applicable privacy laws.