Privacy Policy
EPR Auto-Tracker Β· MiniSage Tech Β· Last updated: 19 June 2026
2. What data we collect
When you install the App we collect and store:
- Shop domain and Shopify access token β required to call the Shopify API on your behalf.
- Packaging mappings β the material type (e.g. paper, plastic) and weight in grams you assign to each product variant.
- Report headers β country code, reporting period, and aggregated totals (grams per material) saved when you generate a report.
- Report line items β a snapshot per order line included in a report (order ID, variant ID, quantity, material, weight, ship-to country, order date). Used as an audit trail for regulators.
Order data is fetched from Shopify on demand when you generate a report. Full order details are not stored β only the line-item snapshot above.
We do not collect or store customer personal data (names, emails, addresses).
3. How we use the data
- To generate EPR compliance reports (LUCID XML, SYDEREP CSV, MITECO CSV, UK EPR CSV).
- To maintain an audit trail you can present to regulators.
- To authenticate API requests to Shopify.
We do not sell, share, or use your data for advertising.
4. GDPR & data subject requests
We comply with Shopify's mandatory GDPR webhooks without logging full webhook payloads:
- customers/data_request β we acknowledge receipt without logging the payload. We do not store customer PII, so there is no personal data to export.
- customers/redact β we delete any report line items associated with the specified orders.
- shop/redact β we delete all data for the shop within 48 hours of receiving the webhook after app uninstall.
5. Data retention
Your data is retained for as long as the App is installed. On uninstall, all shop data is permanently deleted when we receive the shop/redact webhook (typically 48 hours after uninstall).
6. Infrastructure & sub-processors
- Vercel (US) β application hosting and serverless functions.
- Neon (US East, AWS us-east-1) β PostgreSQL database.
Both providers maintain SOC 2 compliance. No other third parties have access to your data.
7. Your rights
You have the right to access, correct, or request deletion of your data at any time. Contact us at hello@packaging-epr.com.
8. Changes to this policy
We may update this policy. The date at the top of this page indicates the last revision. Continued use of the App after changes constitutes acceptance.
Β© 2026 MiniSage Tech Β· EPR Auto-Tracker