Shoppi

Privacy Policy

Last Updated: July 5, 2026

Shoppi owns and operates the website located at https://www.shoppi.app, sub-domains, and any associated web-based and mobile applications (collectively, "Platform" or "Service"). This Privacy Policy describes how we process personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

1. Our Roles under the GDPR

Shoppi operates as a B2B SaaS platform. Depending on the context, our roles are defined as follows:

  • Data Controller (Titolare del Trattamento): We act as the Data Controller for the personal data of our direct customers (Merchants, Partners, and Visitors of the Shoppi websites). This includes account registration, billing data, and direct communications.
  • Data Processor (Responsabile del Trattamento): We act as the Data Processor for any personal data processed through our Merchants' online stores (final buyers' names, addresses, shopping carts, etc.). Merchants are the Data Controllers for their own customers' data, and they are responsible for obtaining appropriate legal consent and providing their own privacy notices.

2. Legal Bases for Data Processing

We process personal data based on the following legal grounds:

  • Contractual Necessity: To provide and manage your Shoppi account, process payments, and deliver the SaaS features requested by you.
  • Consent: When you subscribe to marketing newsletters or accept non-essential cookies. Consent can be withdrawn at any time.
  • Legitimate Interest: To maintain Platform security, debug errors, analyze aggregate performance, and improve our services.
  • Legal Obligation: To comply with financial, tax, and regulatory requirements (e.g. bookkeeping).

3. Stripe & Sub-processors

We work with trusted third-party providers (sub-processors) to deliver our services, including payment processors like Stripe. We have signed Data Processing Agreements (DPAs) with these sub-processors to guarantee that personal data is handled securely and in full compliance with European data protection regulations.

4. International Data Transfers (Schrems II Compliance)

While our primary servers are located in the European Union, some of our service providers (such as Stripe and US-based cloud hosting/backup entities) may store or access data in the United States. To safeguard these transfers, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission, along with supplementary measures including pseudonymization, IP masking, and end-to-end encryption to guarantee a level of data protection equivalent to that in the EEA.

5. Data Retention & Deletion

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law (e.g., tax documentation is retained for 10 years). You have the right to request deletion of your personal data at any time.

Technical Deletion Request: If you wish to delete your Shoppi account and remove all personal records permanently, you can initiate a deletion request through your account panel or by contacting our team. Once validated, our system invokes an automated backend erasure routine that deletes your user files, wallet info, and associated metadata from our active databases.

6. Your Rights

Under the GDPR, you have the following rights: Right of Access, Rectification, Erasure ("Right to be Forgotten"), Restriction of Processing, Data Portability, and Objection. To exercise these rights, please contact our Data Protection Officer at [email protected].