Data Processing Addendum

Data Processing Addendum

Merchants that require controller-to-processor terms for ProfitLens Analytics can request the DPA process here.

Effective date April 23, 2026
Last updated April 23, 2026

1. DPA availability

If your organization needs a Data Processing Addendum for ProfitLens Analytics, you can request the DPA process using the privacy contact path shown on this page.

This page is a merchant-facing summary of DPA availability. It is not itself the signed DPA.

2. Processing roles

For merchant-facing Shopify app services, the merchant usually acts as the controller or business deciding how store data should be used, and ProfitLens acts as a processor or service provider to the extent it processes data on the merchant's behalf to provide the app.

Where ProfitLens processes limited account, billing, support, or security data for its own operational purposes, it may act as an independent controller for those specific activities where applicable law permits.

3. Subject matter, duration, and purpose

  • Subject matter: provision of the ProfitLens Analytics app and related support.
  • Duration: for as long as the merchant uses the service and for any limited post-termination period reasonably required for deletion handling, legal recordkeeping, or security review.
  • Purpose: app operation, merchant analytics, support handling, security, and compliance.

4. Categories of data involved

  • Merchant account data
  • Store configuration and commercial inputs
  • Operational and financial Shopify order data used for analytics
  • Support correspondence and related metadata

5. Subprocessors

If a merchant requires subprocessor detail or related contract language, those points can be addressed through the DPA process.

6. International transfers

Where a subprocessor or service provider processes data internationally, the DPA identifies the applicable transfer mechanism for that provider and jurisdiction.

7. Security and assistance

ProfitLens is expected to apply reasonable technical and organizational measures appropriate to the service and to provide commercially reasonable assistance with verified privacy or data-protection requests relating to data actually held by the service.

8. Deletion or return

ProfitLens clears stored installation credentials, shop-scoped configuration records, and support-ticket records for the affected shop when uninstall or shop-redact handling is triggered through Shopify's relevant webhook flow.

Any DPA aligns the contractual deletion wording with the live technical deletion workflow used by the app.

9. How to request the DPA

To request the DPA process, email support@profitlensanalytics.com with your legal entity name, shop domain, and the signer details for your organization.