Yes - AddressHero is GDPR compliant. We take privacy seriously and handle all customer data securely.
Does AddressHero load scripts automatically when the app is enabled?
AddressHero does not use Shopify ScriptTags or inject any third-party JavaScript into the merchant's storefront. Instead, the app uses Shopify Checkout UI Extensions, which are Shopify-native components loaded and sandboxed by Shopify itself. Our extension only renders in three specific locations:
- During checkout (shipping address)
- On the Thank-you page
- On the Order-status page
No AddressHero code is loaded on your general storefront pages (homepage, product pages, collection pages, etc.).
Can AddressHero scripts be delayed or conditionally loaded based on the Shopify Customer Privacy API?
Since AddressHero uses Shopify Checkout UI Extensions (not script tags), the loading behavior is controlled entirely by Shopify's platform. These extensions are not subject to the same consent mechanisms as marketing/analytics scripts. The Shopify Customer Privacy API manages consent for three categories: Marketing, Analytics, and Preferences – none of which apply to address validation for order fulfillment.
Is there an alternative option to integrate AddressHero with consent-based control?
As we use Shopify's native extension framework rather than injected scripts, there is no alternative "script tag" integration that merchants would need to control. The extension is either enabled or disabled at the app level.
Does AddressHero process any customer or personal data on page load or before consent is granted?
On general storefront pages: No. AddressHero has zero presence on your storefront before checkout.
During checkout: The extension performs local-only validation (e.g., checking for missing house numbers). No customer data is transmitted to our servers during this step.
On the Thank-you / Order-status page: The extension sends the shipping address to our backend for validation purposes. At this point, the customer has already actively submitted their address as part of the purchase process.
Server-side processing (orders/create webhook): After an order is placed, AddressHero validates the shipping address server-side. Depending on the merchant's plan and configuration, the address components only (street, house number, postal code, city, country code - no names or email addresses) may be sent to one of the following validation providers:
- Google Maps Address Validation API (Google LLC, certified under the EU-US Data Privacy Framework)
- Deutsche Post AddressFactory (Postdirekt, processed within Germany)
- Klaviyo - if the merchant has configured address error notifications. An event containing the customer's email, name, and address error type is sent to Klaviyo via the merchant's own Klaviyo API key. In this case, Klaviyo acts as the merchant's own sub-processor, not AddressHero's.
General data collection
No cookies are set and no tracking scripts are loaded. AddressHero does collect aggregated, non-personal analytics data for the merchant dashboard (e.g. total number of spelling errors, missing house numbers, or corrections per day). This data is aggregated at the shop level and is not linked to individual customers - it only contains anonymous error-type counters to help merchants understand their address quality. No personal or customer-identifiable data is stored in these analytics.
What data is actually stored?
We only fetch the data that is strictly necessary for our validation workflow:
- Order ID
- Order date
- Shipping address, including:
  - Address lines 1 & 2
  - ZIP / postal code
  - City
  - Country code
Nothing beyond this is requested or stored.
How does the app retrieve data from Shopify — and is the connection secure?
AddressHero fetches data directly from Shopify using the Shopify GraphQL API.
The connection to Shopify runs over HTTPS with TLS, protecting all data in transit from interception or manipulation.
Authentication is handled via OAuth, using an App Token stored securely on the server. The token's scopes are kept minimal — only what is strictly necessary. Critically, the access token is a secret environment variable that never reaches the browser and lives exclusively on the server.
How is data transfer between the app and database secured?
Customer data follows a clear, controlled path:
During sync: Shopify → App → Database
The Shopify → App connection is secured as described above.
The App ↔ Database connection is even more locked down:
Both the app and the database are hosted at DigitalOcean and communicate over an internal network only. The database is not reachable from the public internet. On top of that, all traffic between app and database is also encrypted with HTTPS and TLS.
Where is the data stored?
To store the data we use a MongoDB cluster hosted at DigitalOcean.
How is encryption and key management handled?
DigitalOcean uses LUKS (Linux Unified Key Setup) to encrypt the underlying storage volume of all MongoDB clusters. This means the disk your data lives on is encrypted at rest by default.
For how long is personal data being stored?
AddressValidation Data
Personal data: no (only addresses)
- AddressFactory Validation (AF Cache): no TTL
- GoogleMaps Validation (Google Maps Cache): no TTL
- HeroSoftware Validation (Hero DB): no TTL

Shopify Order Data
Personal data: yes (only accessible internally)
Deleted after 7 days
- profileAttributes (name, mail and shipping address)

Error Log Data
Personal data: yes (only accessible internally)
Deleted after 30 days
- orderId and shop
- originalAddress: shipping address sent as a JSON string
  - street
  - postal code
  - city
  - country
- addressSentToAPI: original input sent to AddressFactory / Google Maps
- validationResponse (API response)
  - addressFactoryResult
  - googleMapsResult
  - HeroDatabaseResult

Analytics Data
Personal data: no (only addresses)
No personal data is being stored for the analytics data. The data is aggregated at the shop level and is not linked to individual customers - it only contains anonymous error-type counters to help merchants understand their address quality. No personal or customer-identifiable data is stored in these analytics.
What happens when someone submits a deletion request for personal data?
We have implemented all three mandatory GDPR webhooks that Shopify requires for every public app:
- customers/redact — When this webhook is triggered, all data belonging to the affected customer is deleted from our database. This covers individual deletion requests under GDPR.
- shop/redact — Once a shop has uninstalled the app and Shopify sends this webhook, all data for that shop is permanently and completely deleted. This happens automatically within 48h after uninstallation.
- customers/data_request — Enables us to provide a report of stored customer data upon request.
This means deletion requests are not handled manually — they are executed automatically via Shopify's webhook infrastructure, making the process reliable, traceable, and fully GDPR-compliant.
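As an added example that is not AddressHero's own code, here is a minimal Python handler for the three mandatory webhooks, written the way a defender wants it: every request is authenticated against Shopify's X-Shopify-Hmac-Sha256 header before any data is touched, and only then dispatched on X-Shopify-Topic. The record layout, the in-memory ORDERS list standing in for the MongoDB collection and the client secret are constructed assumptions; the header and payload field names are Shopify's documented ones.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the app's MongoDB order collection (order id, customer, profileAttributes).
ORDERS = [
    {"shop": "shop-a.myshopify.com", "orderId": 1001, "customerId": 501,
     "profileAttributes": {"name": "A. Example", "mail": "a@example.test"}},
    {"shop": "shop-a.myshopify.com", "orderId": 1002, "customerId": 502,
     "profileAttributes": {"name": "B. Example", "mail": "b@example.test"}},
    {"shop": "shop-b.myshopify.com", "orderId": 2001, "customerId": 501,
     "profileAttributes": {"name": "A. Example", "mail": "a@example.test"}},
]

def sign(raw_body: bytes, client_secret: str) -> str:
    """Value Shopify sends in X-Shopify-Hmac-Sha256: base64(HMAC-SHA256(app secret, raw body))."""
    return base64.b64encode(hmac.new(client_secret.encode(), raw_body, hashlib.sha256).digest()).decode()

def verify_hmac(raw_body: bytes, header_hmac: str, client_secret: str) -> bool:
    # Constant-time compare so the check does not leak where the signatures diverge.
    return hmac.compare_digest(sign(raw_body, client_secret), header_hmac)

def _purge(store: list, keep) -> int:
    """Delete every record for which keep(record) is False; return how many were removed."""
    doomed = [r for r in store if not keep(r)]
    for r in doomed:
        store.remove(r)
    return len(doomed)

def handle_gdpr_webhook(headers: dict, raw_body: bytes, client_secret: str, store: list) -> dict:
    """Dispatch on X-Shopify-Topic and apply the deletion or report each GDPR webhook requires."""
    if not verify_hmac(raw_body, headers.get("X-Shopify-Hmac-Sha256", ""), client_secret):
        return {"status": 401}  # not signed with our secret: reject, never touch data
    payload = json.loads(raw_body)
    shop = payload["shop_domain"]
    topic = headers.get("X-Shopify-Topic")
    if topic == "shop/redact":
        # Shop uninstalled: everything belonging to that shop goes.
        return {"status": 200, "deleted": _purge(store, lambda r: r["shop"] != shop)}
    if topic in ("customers/redact", "customers/data_request"):
        cid = payload["customer"]["id"]
        orders = set(payload.get("orders_to_redact", []) + payload.get("orders_requested", []))
        mine = lambda r: r["shop"] == shop and (r["customerId"] == cid or r["orderId"] in orders)
        if topic == "customers/redact":
            return {"status": 200, "deleted": _purge(store, lambda r: not mine(r))}
        # data_request: report what is held for that customer, delete nothing.
        return {"status": 200, "report": [r for r in store if mine(r)]}
    return {"status": 400}  # not one of the three GDPR topics
```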
Legal basis
The processing of shipping addresses by AddressHero is based on Article 6(1)(b) GDPR (performance of a contract) - ensuring correct delivery is a necessary part of order fulfillment. This processing does not require additional consent via a cookie banner, as it falls outside the scope of the ePrivacy Directive / TTDSG cookie consent requirements.
AddressHero acts as a data processor under Article 28 GDPR.
