This Data Processing Addendum ("DPA") forms part of the ClearConsent terms of service and applies whenever ClearConsent processes personal data on behalf of a Shopify merchant. Last updated May 2026.
When you install ClearConsent, you are the data controller of your store visitors' personal data. ClearConsent acts as a data processor on your behalf. This DPA defines that relationship.
The relationship
The Shopify merchant who installs ClearConsent. You determine the purposes and means of processing personal data of your store visitors.
Operated by Jamie Shears, an independent developer. We process data only on documented instructions from you and as described in our terms of service.
Hosting, error monitoring, analytics, and other services listed at /sub-processors. By installing ClearConsent you authorize the listed sub-processors solely for the purposes shown on that page.
Information relating to identified or identifiable individuals, as defined under the GDPR (EU Regulation 2016/679) and equivalent laws.
ClearConsent processes four categories of personal data on your behalf.
Timestamp, consent state (accept/reject/preferences), coarse-grained country (derived from IP at request time, IP not stored), cookie categories chosen, and a session-scoped identifier. Retained for 1 year as compliance proof.
Trackers, cookies, and signals detected on your storefront when you run a compliance scan. Stored against your account and retained for up to 1 year, then permanently deleted. When a scan finds a substantive privacy policy (roughly 3,000+ characters), its text is sent to our sub-processor Anthropic (Claude API) for automated topic-coverage grading; per Anthropic's commercial terms this text is not used to train models and is processed under Anthropic's Data Processing Addendum. Thin or unreadable policy pages are not sent.
Business name, contact email, Shopify shop domain, and subscription state. Retained for the life of the account plus 30 days after deletion, then permanently deleted.
The privacy policy text and banner configuration generated from your scan. Stored against your account, served at your domain, retained until you delete them or uninstall the app.
ClearConsent implements the following technical and organizational measures.
All connections between merchants, visitors, and ClearConsent use TLS 1.2 or higher. HTTP Strict Transport Security is enforced for two years on the primary domain.
Database storage is encrypted at rest by Railway. Shopify access tokens are additionally encrypted with Fernet (AES-128) using a server-side key never exposed in logs or backups.
Only the operator (Jamie) has production access. No employees, no contractors. Merchants sign in through Shopify; the administrative login is protected by bcrypt password hashing and brute-force lockout on failed attempts.
Sensitive operations are logged with request IDs to a structured log. Sentry receives error events configured to avoid unnecessary PII. PostHog receives only aggregate usage signals.
Maintained at /sub-processors with each provider's purpose and primary processing location. By installing ClearConsent you authorize the listed sub-processors solely for the purposes shown on that page.
30 days' written notice of any addition or replacement. You may object in writing during that window — and if we cannot reasonably accommodate your objection, cancel the affected paid service for a pro-rated refund of any unused subscription period.
If a visitor exercises a data subject right under GDPR, CCPA/CPRA, or any equivalent law — access, deletion, correction, portability, opt-out — you (the controller) are responsible for fulfilling the request. ClearConsent will assist by:
Tooling to export the consent log for a specific session ID or country window so you can answer an access or portability request.
Permanent deletion of consent records for a specific visitor within 30 days of your written request, where the relevant records can be identified (typically by session ID or timestamp window).
A written confirmation of the deletion or anonymization steps taken, suitable for handing back to the data subject or a supervisory authority.
In the event of a confirmed personal data breach affecting your data, ClearConsent will notify you in writing without undue delay and in any case within 72 hours of becoming aware. The notification will include, to the extent then known:
Nature of the breach, categories and approximate number of data subjects and records affected.
Likely consequences and the measures taken or proposed to address the incident and limit further exposure.
Contact information for further inquiries and an ongoing channel for updates as the picture develops.
ClearConsent is operated from Canada. Sub-processors are located in the United States and Europe. Each provider's primary processing location is flagged at /sub-processors.
Where transfers of personal data outside the EEA occur, they are governed by the European Commission's Standard Contractual Clauses (2021/914/EU) or an applicable adequacy decision — whichever fits the destination jurisdiction.
This DPA stays in effect while ClearConsent processes data on your behalf. Upon uninstall:
Your Shopify recurring charge is cancelled automatically by Shopify when you uninstall. Final invoicing follows Shopify Billing's standard process.
Consent log records, scan history, and all other personal data associated with your store are deleted or redacted in accordance with Shopify's mandatory shop/redact GDPR webhook, typically within approximately 48 hours of uninstall. If you reinstall during that window, the deletion is skipped and your data is restored.
Business name, email, and shop domain are soft-deleted immediately, then permanently deleted after 30 days.
Your generated privacy policy page is preserved at its URL so bookmarked or indexed copies don't 404 silently — at uninstall the page body is replaced with a placeholder notice. You can edit or delete the page from Shopify admin when you're ready.
ClearConsent is an automated diagnostic tool, not legal advice. Responsibility for overall compliance with applicable privacy laws rests with you as the data controller — outcomes ultimately depend on your data handling practices, vendor agreements, and operational decisions that no scanner can observe.
Our liability under this DPA is limited as described in our Terms of Service. For your data protection officer or legal counsel: this DPA is intended to support, not replace, the controller-processor obligations applicable to your business.
For enterprise procurement teams that require a counter-signed DPA, contact us via the contact form. For most Shopify merchants, the published DPA on this page is intended to satisfy the Article 28 processor terms required for using ClearConsent.