Widerruf App ("the App") is developed and operated by DD-Gossen (Maik Gossen), a Shopify development agency based in Germany. Contact: support@dd-gossen.com
The App processes the following data on behalf of the merchant who installs it:
From store customers (end users): Name, email address, and order number — submitted voluntarily through the withdrawal form. This data is necessary to process the withdrawal request and send a confirmation email as required by EU consumer protection law.
From merchants: Shop domain, email settings (sender name, sender prefix, reply-to address), and app configuration preferences. No passwords or payment information are collected.
Customer data is used exclusively to process withdrawal requests and send legally required confirmation emails. Merchant data is used to configure the App and deliver its functionality. Data is never used for marketing, advertising, or profiling purposes.
All data is stored in a secure database hosted on Fly.io infrastructure in the Frankfurt (EU) region. Confirmation emails are sent via encrypted SMTP connections. Data is retained according to the merchant's configured retention period (default: 180 days) or until the merchant deletes it manually.
We do not sell, share, or transfer personal data to third parties. Data is only shared with:
Shopify: As required by the Shopify platform for app functionality (order verification, return creation).
Email delivery service: Customer name and email address are transmitted via SMTP to deliver confirmation emails.
The App is designed with GDPR compliance as a core principle. It implements data minimization (Art. 5(1)(c) GDPR), collects only strictly necessary data, supports automated data deletion, and provides full data export and deletion capabilities for merchants. The App responds to Shopify's mandatory GDPR webhooks (customer data request, customer data erasure, shop data erasure).
Merchants using the App are data controllers for their customers' data. Merchants are responsible for informing their customers about data processing in their own privacy policy and ensuring compliance with applicable laws.
Merchants can delete all stored data at any time through the App's settings page. When the App is uninstalled, all associated data is automatically removed. Customers can request data deletion through their merchant.
We may update this policy from time to time. Material changes will be communicated through the App's admin interface.
For privacy-related questions or requests, contact us at: support@dd-gossen.com