Skip to content
  • Home
  • About Us
  • Clients
  • Services
  • Integrations
  • Contact Us
Log in
    Digital Project Design
    • Home
    • About Us
    • Clients
    • Services
    • Integrations
    • Contact Us

    Professional List Manager — Privacy Policy

    Effective date: May 21, 2026    Last updated: May 21, 2026

    This Privacy Policy explains how Digital Project Design ("DPD", "we", "us", "our") handles information in connection with the Professional List Manager application (the "App") for Shopify. It applies to merchants who install the App ("Merchants") and to the merchant's customers and store visitors whose information the App processes ("Customers").

    The App is a B2B list-management tool: it lets a Merchant's sales representatives and a Merchant's logged-in business buyers create and manage saved product lists ("Lists") for reordering.

    Our role. For data about a Merchant's Customers, DPD acts as a data processor on behalf of the Merchant, who is the data controller. Each Merchant is responsible for its own privacy notice to its Customers and for any consent it is required to obtain. This policy describes what the App does so Merchants can make those disclosures accurately.

    Contents

    • 1. Information we process
    • 2. How we use information, and purpose limitation
    • 3. Automated decision-making
    • 4. How information is shared
    • 5. Data retention and deletion
    • 6. Security
    • 7. International data transfers
    • 8. Your rights
    • 9. Children's privacy
    • 10. Changes to this policy
    • 11. Contact

    1. Information we process

    a. Merchant and staff information

    • Store identifiers and configuration: your myshopify.com shop domain, app settings, and merchant-authored display/locale customizations.
    • Authentication credentials: OAuth access tokens issued by Shopify so the App can call the Shopify APIs on your behalf.
    • Staff user details (online sessions): when a sales representative uses the embedded admin tools, Shopify provides that staff user's identifier, and may provide their first name, last name, and email, which are stored as part of the Shopify session so the App can attribute actions and greet the signed-in user. This is data about your staff, not your Customers.

    b. Customer information

    The App processes the minimum Customer information needed to provide its functionality:

    • A Customer identifier — the Shopify Customer ID (a numeric/GID identifier) of a logged-in buyer, used to associate that buyer with their Lists and to record who created or changed a List item.
    • Business (Company) association — for B2B buyers, the Shopify Company ID the buyer belongs to, used to scope shared company Lists and to show the correct B2B catalog pricing. We read the Company's business name transiently to resolve this association; we do not store it.
    • List content the buyer creates — List names (text the buyer or representative types), the products and variants added to a List, quantities, and timestamps.

    We do not collect or store Customer names, email addresses, phone numbers, or postal addresses. The App is configured for Shopify "Protected customer data" at the base level and does not request access to those protected fields. (Where Shopify sends a Customer's email or phone to us inside a mandatory compliance webhook — for example a data-deletion request — we process those identifiers only to fulfil that request and do not retain them.)

    c. Catalog information (not personal data)

    To render Lists, the App fetches product, variant, price, and image information from Shopify in real time. This is store catalog data, not personal data.

    d. Information we do not process

    We do not collect Customer browsing/behavioral analytics, marketing/tracking data, payment card details, or order history beyond what is described above.

    2. How we use information, and purpose limitation

    We use the information above solely to:

    • provide and operate the App's list-management functionality (create, view, edit, and reorder Lists);
    • show B2B buyers the correct catalog and pricing for their Company location;
    • attribute List actions for audit and to fulfil data-subject requests;
    • authenticate sessions and bill the Merchant for the App.

    We limit our use of personal data to these purposes. We do not use Customer personal data for advertising, marketing, profiling, or analytics, and we do not sell or rent personal data to anyone.

    3. Automated decision-making

    The App does not perform automated decision-making or profiling that produces legal or similarly significant effects for any individual.

    4. How information is shared

    We share information only with the infrastructure providers that run the App, acting as our sub-processors:

    Sub-processor Purpose Data location
    Shopify Platform the App runs on; source of all store/customer data Per Shopify
    Cloudflare Application hosting (Cloudflare Workers) and database storage (Cloudflare D1) Cloudflare global network

    We do not sell personal data, and we do not share personal data for cross-context behavioral advertising. We may disclose information if required by law.

    5. Data retention and deletion

    We retain data only as long as needed to provide the App:

    • While the App is installed, we retain a Merchant's settings and the Lists created in that store.
    • Customer deletion requests — when Shopify sends a customers/redact request, we delete the Lists owned by that Customer (and their items), delete items that Customer added to shared company Lists, and anonymize any remaining audit references to that Customer.
    • Customer data requests — when Shopify sends a customers/data_request, we compile the List data we hold that references that Customer so the Merchant can respond within Shopify's required timeframe.
    • Uninstall — when the App is uninstalled, Shopify sends a shop/redact request approximately 48 hours later, at which point we delete that store's entire dedicated database and remove its records from our systems.

    These retention periods ensure personal data is not kept longer than needed for the purposes above.

    6. Security

    • Encryption in transit: all communication between the App, Shopify, buyers, and our infrastructure uses HTTPS/TLS.
    • Encryption at rest: data stored in Cloudflare D1 (and the App's session/configuration store) is encrypted at rest by Cloudflare.
    • Tenant isolation: each Merchant's List data lives in its own dedicated, per-store database, so one Merchant's data is never co-mingled with another's.
    • Least-privilege access: the App requests only the Shopify API scopes it needs to function.

    No method of transmission or storage is completely secure, but we take reasonable measures to protect the information we process.

    7. International data transfers

    The App runs on Cloudflare's global network and on Shopify's infrastructure, so information may be processed in countries other than where the Customer or Merchant is located. We rely on our sub-processors' safeguards for such transfers.

    8. Your rights

    Depending on where you live, you (or, for Customer data, the Merchant on a Customer's behalf) may have rights to access, correct, delete, or restrict the processing of personal data, and to object to certain processing.

    • Customers: please direct requests to the Merchant whose store you use; the Merchant is the controller of your data. The App provides the Merchant with the tools described in Section 5 to honor deletion and access requests through Shopify.
    • Merchants: contact us using the details in Section 11.

    9. Children's privacy

    The App is a business tool and is not directed to children. We do not knowingly process the personal data of children.

    10. Changes to this policy

    We may update this policy from time to time. When we do, we will revise the "Last updated" date above and post the new version at the published URL. Material changes will be communicated as required by applicable law.

    11. Contact

    Digital Project Design (DPD)
    Digital Project Design LLC
    10441 Chaney Ave, Downey, CA 90241, USA
    Privacy/support email: plm@digitalprojectdesign.com
    Website: https://www.digitalprojectdesign.com

    Digital Project Design

    Enterprise-grade commerce for growing brands

    Beautiful storefronts.

    Clean data.

    Smooth ops.

    • LinkedIn
    • About Us
    • Services
    • Partners
    • Clients
    • Contact Us
    © 2026, Digital Project Design Powered by Shopify
    • Choosing a selection results in a full page refresh.
    • Opens in a new window.