Privacy Policy
Last updated: 25.06.2025
1. Data Controller
ShopFox is the data controller for the processing of personal data described in this privacy policy. You can contact us at:
Email: support@shopfox.io
Address: Wirmerstr. 5, 40474 Düsseldorf, Germany
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):
- Legitimate Interest (Article 6(1)(f) GDPR): For managing system access security and informing users about new features
- Contract Performance (Article 6(1)(b) GDPR): To provide our services and fulfill our contractual obligations
- Consent (Article 6(1)(a) GDPR): For marketing communications and certain data processing activities
- Legal Obligation (Article 6(1)(c) GDPR): Where required by applicable law
3. Data We Process
3.1 Information we collect for ShopFox’s own business purposes
ShopFox collects information about the users of our system (e.g. name, business name, email, mailing address) for two purposes:
1. In order to be able to manage the access security for a closed user-group with special options the user is authorised to use (such as our clients and employees of our clients);
2. In order to inform users about new features and special offers
The personal information is collected exclusively to the extent necessary to fulfil the above specific purpose. The information will not be re-used for an incompatible purpose; we may aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes - including historical and statistical analysis and business planning - without restriction.
ShopFox will only disclose information to third parties if necessary for the fulfilment of the purpose(s) identified above. ShopFox will not divulge your personal data for direct marketing purposes;
As a data subject you also have the right to object to the processing of your personal data on legitimate compelling grounds except when it is collected in order to comply with a legal obligation, or is necessary for the performance of a contract to which you are a party, or is to be used for a purpose for which you have given your unambiguous consent; the personal data collected in this system about you as a user is needed to guarantee protection against unauthorised access to the system and is therefore a sine qua non for access; removing your data from the system can be executed at any time at your request (to be sent to support@shopfox.io) but will result in no longer having access to the system facilities. Retrieval and modification of your personal data can be done on-line through the available system utilities or via the same contact persons referred to above;
ShopFox only keeps the data for the time necessary to fulfil the purpose of collection or further processing as described above;
Please contact us via e-mail at support@shopfox.io if you have queries or complaints.
4. Data Processors
We use the following third-party service providers to process personal data on our behalf:
- Amazon Web Services (AWS): Infrastructure provider for hosting and data storage. AWS processes data in accordance with their Data Processing Addendum and provides appropriate technical and organizational measures. Data may be transferred to AWS data centers globally, with appropriate safeguards in place.
- Twilio: SMS service provider used only when merchants have enabled SMS notifications. Twilio processes phone numbers and message content for the sole purpose of delivering text messages to customers. This service is only activated when explicitly configured by the merchant.
All our data processors are required to implement appropriate technical and organizational measures to ensure the security of personal data and to process data only as instructed by us.
4.2 Information we collect from or on behalf of our clients
We may collect information about individual consumers from our clients or – at clients’ request – from their service providers (such as Shopify, for example). Our clients determine the scope of the information transferred to us, and the information we receive may vary by client. Typically, we may collect the following information from our clients' consumers:
- Order data (e.g. products ordered)
- Contact data (e.g. first and last name, email address, phone number, shipping and billing address)
We collect the data mentioned above to display this data on our apps’ back-end to you (e.g. on the order details screen within the app).
Proofer: The customer’s email address and/or phone number is used to send them a “Your proof is ready” notification when you add a new proof to an order within the app. If you’ve configured automatic reminders within the app’s settings, they may receive up to three reminders. If you’ve set up a print-on-demand integration, we process your customers’ shipping and billing addresses to facilitate the fulfillment of the ordered products. In addition, the products ordered by your customers are stored by us to enable filtering orders on the dashboard according to the ordered products.
FraudBlock: We process your customers’ order data (names, email addresses, shipping addresses, billing addresses, IP addresses) whenever you receive a new order to be able to evaluate the order against a stored black-list/white-list and custom rules you may have set up with us (e.g. “block all orders where the billing address is different from the shipping address”).
Callback Request: We store the information provided by your customers via the Callback Request popup (such as names and phone numbers) to be able to display them to you in the app’s backend.
Smart Price Match Popup and AutoSync do not collect any information on your customers.
We do not share or sell your customers’ data. Customers can request that their information be deleted at any time by sending an email to support@shopfox.io.
5. Your Rights Under GDPR
As a data subject, you have the following rights under the General Data Protection Regulation:
- Right of Access (Article 15): You can request information about the personal data we process about you, including copies of your personal data.
- Right to Rectification (Article 16): You can request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17): You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose.
- Right to Restrict Processing (Article 18): You can request restriction of processing in certain circumstances.
- Right to Data Portability (Article 20): You can request to receive your personal data in a structured, commonly used format or have it transmitted to another controller.
- Right to Object (Article 21): You can object to processing based on legitimate interests or for direct marketing purposes at any time.
- Right to Withdraw Consent (Article 7): Where processing is based on consent, you can withdraw your consent at any time.
To exercise any of these rights, please contact us at support@shopfox.io. We will respond to your request within one month. In some circumstances, we may extend this period by two additional months, in which case we will inform you of the extension and the reasons for the delay.
You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
6. International Data Transfers
We may transfer personal data to countries outside the European Economic Area (EEA) for the purposes described in this privacy policy. When we transfer personal data to third countries, we ensure appropriate safeguards are in place:
- Adequacy Decisions: We may transfer data to countries deemed to provide adequate protection by the European Commission.
- Standard Contractual Clauses: We use the European Commission's Standard Contractual Clauses for transfers to countries without adequacy decisions.
- Certification Programs: Our service providers may participate in certification programs like the EU-U.S. Data Privacy Framework or similar mechanisms.
For transfers to the United States (where our infrastructure is primarily located), we ensure that appropriate safeguards are in place, including contractual protections and security measures that meet GDPR requirements.
7. Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and monitoring
- Access controls and authentication mechanisms
- Staff training on data protection and security
- Incident response procedures
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to improve our security measures.
8. Third-Party Links
Our website may contain links to third-party websites and services that are not owned or controlled by ShopFox. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, subject to legal obligations. Our retention periods are as follows:
- User Account Data: Retained for the duration of the service relationship and up to 7 years after account closure for legal and business purposes.
- Customer Order Data: Retained for the duration of the merchant's use of our services and up to 1 year after service termination for legal compliance and support purposes.
- Communication Records: Retained for up to 3 years for customer support and service improvement purposes.
- Marketing Data: Retained until consent is withdrawn or for up to 3 years from last engagement, whichever is sooner.
- Analytics and Usage Data: Retained in aggregated/anonymized form for up to 7 years for business intelligence purposes.
We will delete or anonymize personal data when it is no longer needed for the specified purposes, unless we are required to retain it by law. You can request deletion of your data at any time, subject to legal obligations.
10. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes to this policy, we will:
- Update the "Last updated" date at the top of this policy
- Notify you by email if we have your email address
- Provide prominent notice on our website for at least 30 days
- For significant changes affecting your rights, we may seek your renewed consent where required by law
We encourage you to review this privacy policy periodically to stay informed about how we collect, use, and protect your personal data.
11. Contact Information
If you have any questions, concerns, or requests regarding this privacy policy or our data processing practices, please contact us at:
Email: support@shopfox.io
We will respond to your inquiry within a reasonable timeframe, typically within 30 days.