Legal
GDPR & Data Rights
Last updated · {{TODO: real updated date}}
{{TODO: legal review required — do not publish without lawyer sign-off}}
This document is a structural placeholder. Real GDPR disclosure copy must be reviewed and approved by qualified legal counsel.
Your rights under GDPR
If you are a data subject in the EU, EEA, or UK, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (right to be forgotten)
- Restrict or object to certain processing
- Receive your data in a machine-readable format (data portability)
- Lodge a complaint with your local data protection authority
How to exercise your rights
Email [email protected] with:
- Your name and the email address associated with your account (or the visitor session ID if you are a storefront visitor)
- The shop domain where your data was collected
- The specific right you’re exercising
We will respond within 30 days, as required by GDPR Article 12.
Shopify GDPR webhooks
Cervito honors all three mandatory Shopify GDPR webhooks within Shopify’s stated timelines:
- customers/data_request — visitor data export
- customers/redact — visitor data deletion
- shop/redact — full shop data deletion
These are wired and tested. {{TODO: link to public test report once shipped}}
Data residency
{{TODO: confirm Railway region + sub-processor regions — typically us-west or eu-west, document}}
Sub-processors
Current list at /legal/dpa.