Privacy Policy

Overview

Passtiq ("we", "our", "the app") is a Shopify application that helps merchants create and manage EU Digital Product Passports (DPP) for their products. This policy explains what data we collect, how we use it, and your rights.

Data we collect

From merchants (via Shopify)

• Store information: shop domain, shop name, email address
• Product data: titles, descriptions, SKUs, barcodes, images, variants, vendor, product type, country of origin, HS codes
• Billing information: plan status (processed by Shopify, we do not store payment details)

From merchants (entered in the app)

• DPP data: manufacturer information, material composition, care instructions, recycling instructions, sustainability metrics, certifications
• Settings: brand color, default language

From consumers (public DPP pages)

• Scan analytics: user agent, referrer URL, timestamp. We do not collect personal information from consumers who view DPP pages.

How we use data

• Generate and display Digital Product Passports as required by EU ESPR regulation
• Generate QR codes linking to public passport pages
• Write passport URL and status to Shopify product metafields (for storefront display)
• Provide scan analytics to merchants
• Manage billing and subscription status

Data storage

All data is stored in a PostgreSQL database hosted on secure infrastructure. Product and DPP data are associated with the merchant's shop domain. Data is retained for as long as the app is installed. Upon uninstallation, merchant data is scheduled for deletion within 30 days.

Data sharing

We do not sell, rent, or share merchant data with third parties. DPP data is made publicly accessible only when the merchant explicitly publishes a passport. Published passport pages display only the product and compliance information the merchant has entered.

GDPR compliance

We handle mandatory Shopify GDPR webhooks for customer data requests, customer data erasure, and shop data erasure. Merchants can request data export or deletion by contacting us.

Cookies

The embedded app uses Shopify session tokens for authentication (no cookies). Public DPP pages do not use cookies or tracking scripts.

Contact

For privacy questions or data requests, email us at support@passtiq.com.