Skip to main content

Privacy Policy

Privacy Policy for the Shopify App "4SELLERS Shipping Rules"

Last updated: June 22, 2026

This Privacy Policy describes how your personal information is collected, used, and shared when you install or use the App "4SELLERS Shipping Rules" (hereinafter "the App") in connection with your Shopify-supported store.

1. Who We Are (Data Controller)

The data controller responsible for processing data in accordance with the General Data Protection Regulation (GDPR) is:

4SELLERS GmbH Nelkenweg 6a 86641 Rain am Lech Germany Mail: agency@4sellers.de

2. What Data We Collect and Why

Because our App is designed to operate with data minimization in mind, we strictly separate the Merchant's (your) data from your end customers' data.

A. Merchant Data (Shop Information)

When you install the App, we access certain types of information from your Shopify account to authenticate and provide the App:

  • Shop Domain: (e.g., your-shop.myshopify.com) to uniquely identify your store.
  • Temporary Session Data / Access Tokens: To ensure secure communication between Shopify and the App.
  • Shipping Configuration: Rules, zones, and methods you create in the App. This data is stored natively in your Shopify store as metaobjects—not in our external database.
  • Product and Shipping Profile Data: When you assign shipping classes or save methods, the App reads and writes relevant product metafields and syncs with your Shopify shipping profile as needed.

Purpose: We use this data exclusively to provide you with the App's functionality, guarantee secure login, and fulfill our contract with you (Art. 6 (1) (b) GDPR).

B. Customer Data (Buyer Information)

When installed, the App registers a carrier service (shipping provider) in your Shopify store. At checkout, Shopify calls this service to calculate available shipping rates. For this purpose, Shopify transmits the data required for the calculation to our servers. We process this data only for the duration of the request and do not persistently store end customer data on our systems.

Depending on your configuration, this may include in particular:

  • Shipping destination: Country and postal code (and, where applicable, region) to match your shipping zones.
  • Cart contents: Products, quantities, prices, weights, and shipping classes needed to evaluate your rules.
  • Customer tags: Only if you use tag-based restrictions in your shipping rules.

We do not receive or process payment information, email addresses, names, or full delivery addresses, and we do not retain order history on our systems.

Purpose: We process this checkout data on your behalf to calculate shipping costs (Art. 6 (1) (b) GDPR in conjunction with our contract with you). You remain the data controller for your end customers' personal data; we act as a processor for this checkout-related processing.

3. Storage and Deletion of Data

We do not build persistent databases with your store or end customer data on our systems. We only store authentication session data on our servers.

  • Session data and tokens are automatically deleted or invalidated as soon as the session expires or you uninstall the App from your Shopify store.
  • Data transmitted during checkout rate calculation is processed in real time and is not written to persistent storage on our systems.
  • No personal data remains on our systems after the App is uninstalled.
  • Configuration data stored in Shopify (metaobjects, product metafields such as forsellers.shipping_class) remains in your Shopify store after uninstallation until you remove it there.

4. Compliance with Shopify Mandatory Webhooks

Shopify requires app developers to comply with specific data protection routines. Although our App does not store customer data, we have implemented the following mandatory webhooks to meet the requirements of the GDPR (and other privacy laws):

  • Customer Data Request (customers/data_request): If an end customer requests to view their personal data, Shopify sends a request to our App. Since we do not store customer data, our App automatically responds that no data is held.
  • Customer Redact (customers/redact): If an end customer requests the deletion of their data, Shopify sends a request to us. Since we do not hold customer data, no further deletion steps are required on our end.
  • Shop Redact (shop/redact): If you close your store or uninstall the App and 48 hours have passed, Shopify sends us a data deletion request. In this case, we delete all remaining session data, tokens, and store identifiers (if any) from our temporary storage.

5. Sharing of Your Data

We do not share, sell, or use your data for advertising purposes. Data is only shared in the following context:

  • Legal obligations: If we are legally required to do so (e.g., following an official authority request).

6. Your Rights

If you are a resident of Europe (GDPR), you have certain rights regarding your personal information:

  • The right to access the personal information we hold about you.
  • The right to correct inaccurate data.
  • The right to erasure ("Right to be forgotten").
  • The right to restrict processing.
  • The right to data portability.

To exercise these rights, or if you have questions about our privacy practices, please contact us at: agency@4sellers.de

Since you are the data controller for your own customers' data, we ask that you process your customers' requests regarding their data directly through your Shopify Admin panel.

7. Changes to this Privacy Policy

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes via the Shopify Dashboard or by email.