Gift Flow is operated by outBloom Apps. This Data Processing Addendum forms part of the Gift Flow Terms of Service. It is accepted when the merchant installs, accesses, or uses Gift Flow. It does not require a separate signature unless Gift Flow and the merchant agree to separate written terms.
Roles
For customer and recipient personal data processed through a merchant store, the merchant is the controller or business, and Gift Flow acts as a processor or service provider for the merchant. For app account, security, billing, and operational data that Gift Flow uses to run the app, Gift Flow may act as an independent controller where applicable.
Processing Instructions
The merchant instructs Gift Flow to process personal data through the merchant's installation, app configuration, storefront use, admin use, Shopify app permissions, Shopify webhooks, privacy request workflows, and support requests.
Gift Flow processes personal data only for the purposes described in this Addendum, the Terms, the Privacy Policy, Shopify app configuration, and documented merchant instructions.
Subject Matter and Purpose
| Purpose | Processing activity |
|---|---|
| Multi-recipient checkout | Collect recipient addresses and gift-option values, group cart items, calculate shipping/tax/totals, and create Shopify draft orders and child orders. |
| Saved customer addresses | Read a logged-in customer's Shopify addresses or save a customer address in Shopify when the customer chooses that option. |
| Order status | Show the relationship between the parent payment order and recipient child orders to merchants and customers. |
| Refund support | Mirror refunds from linked child orders to the parent payment order and support merchant retry or recovery actions, including linked Gift Flow orders older than Shopify's default 60-day access window where approved. |
| Privacy requests | Receive Shopify compliance webhooks, create minimal request rows, provide merchant exports for customer data requests, process customer redaction, and process shop redaction. |
| Security and reliability | Authenticate requests, run scheduled recovery and retention jobs, log sanitized operational warnings/errors, monitor API costs, and respond to incidents. |
Data Categories
- Customer and recipient identifiers, including Shopify customer IDs, recipient IDs generated for the checkout flow, and privacy request IDs.
- Contact data, including customer email and phone where needed for Shopify draft orders and checkout.
- Recipient postal address data, including first name, last name, address lines, city, province/state, postcode/ZIP, country, and country/province codes.
- Cart, product, variant, quantity, gift-option, custom attribute, discount, shipping, tax, total, and currency data needed for checkout.
- Shopify draft order, parent order, child order, refund, fulfillment, metafield, and status data needed for order creation, reconciliation, status display, and refunds.
- Minimal privacy request metadata, including request topic, status, timestamps, Shopify customer/order IDs, hashed email/phone values, and matched-record counts.
- Sanitized operational logs and metrics used for security, reliability, and API cost monitoring.
Data Subjects
Data subjects may include merchant staff, store customers, gift recipients, and other people whose address or gift information is entered by a customer or merchant into the merchant's Shopify store.
Gift Flow Processor Commitments
- Process customer and recipient personal data only for the stated purposes and merchant instructions.
- Limit access to authenticated merchant admin surfaces, Shopify app-proxy flows, authenticated webhooks, and authorized operational processes.
- Use reasonable confidentiality, security, access control, encryption, logging, monitoring, backup, retention, and incident response safeguards.
- Avoid selling personal data, sharing it for cross-context behavioral advertising, or using it for unrelated advertising or profiling.
- Assist with customer data requests and redaction through Shopify compliance webhooks and the Gift Flow privacy request admin workflow.
- Maintain retention and minimization workflows for app-held data and delete shop-scoped app data when Shopify sends shop redaction after uninstall.
- Use subprocessors that are reasonably necessary to provide, secure, monitor, host, or support Gift Flow.
- Notify affected merchants without undue delay after confirming a security incident involving app-held personal data, taking into account incident facts, legal obligations, Shopify requirements, and available contact channels.
Merchant Commitments
- Provide legally required customer notices and obtain any required rights, permissions, or consents for customer and recipient data entered into the store.
- Configure Gift Flow only to collect data that is needed for the merchant's checkout, fulfillment, refund, support, and privacy workflows.
- Avoid using gift-option fields to request unnecessary sensitive personal data.
- Keep Shopify store settings, payment settings, products, shipping, markets, taxes, discounts, and Gift Flow setup accurate.
- Handle direct customer communications, legal notices, refund policies, shipping policies, and fulfillment obligations for the merchant store.
Subprocessors
| Subprocessor | Processing |
|---|---|
| Shopify | Commerce platform, app installation, authentication, app proxy, Shopify checkout, Admin API, webhooks, draft orders, orders, customers, refunds, metafields, and billing surfaces. |
| Render | Current public production hosting, database, backups, and application runtime infrastructure. |
| cron-job.org | External scheduling of authenticated maintenance, retention, redaction, retry, and recovery jobs. Processing is limited to scheduler metadata, the configured schedule secret, request timing/status, and aggregate job summaries; scheduled job responses do not include customer or recipient data. |
| Better Stack | Sanitized monitoring, alerting, and operational log/metric handling when configured. |
| Google Maps Platform | Optional address autocomplete and address validation where Gift Flow or merchant-owned Google Maps keys are configured. |
Gift Flow may update subprocessors as the app changes. Material subprocessor changes should be reflected in this Addendum or another public subprocessor notice.
Security Measures
- Shopify admin authentication for merchant app pages.
- Shopify app-proxy authentication for storefront requests.
- Shopify webhook authentication for compliance and order events.
- Secret-protected scheduled jobs for recovery, redaction, and retention.
- HTTPS/TLS for production app, webhook, app-proxy, and admin traffic.
- Provider encryption at rest for production database and backups.
- Environment separation between development, staging, and production.
- Production logging rules that avoid full webhook payloads, recipient addresses, order IDs, customer data, and large Shopify API responses.
- Sanitized audit logging for authenticated privacy request export views and downloads.
- Scheduled minimization, retention pruning, customer redaction, shop redaction, retry, stale-claim recovery, and refund retention workflows.
Deletion, Return, and Backups
Gift Flow deletes, redacts, or minimizes app-held personal data according to the Privacy Policy and app retention workflows. When a merchant uninstalls Gift Flow and Shopify later sends shop redaction, Gift Flow deletes shop-scoped app data and leaves only a minimal redacted lifecycle tombstone.
Encrypted provider backups may retain prior database state until the configured backup recovery window expires. Gift Flow does not use backups as an active processing source except for disaster recovery.
Audits and Information Requests
Gift Flow may provide reasonably available information about app security, retention, privacy request handling, subprocessors, and incident response to help merchants assess the processing described in this Addendum. Requests should be made using the contact details below.
Contact and Notices
Use this contact for privacy, data protection, security, and merchant notice requests relating to this Addendum.
Order of Precedence
If this Addendum conflicts with the Gift Flow Terms of Service, this Addendum controls for the processing of customer and recipient personal data on behalf of the merchant. The Shopify Partner Program Agreement, Shopify API terms, and Shopify platform rules remain separate obligations between Shopify and the relevant party.