Effective date: May 21, 2026 Last updated: May 21, 2026
These Terms of Service and the attached Data Processing Addendum (together, the "Agreement") govern your use of the Professional List Manager application (the "App") provided by Digital Project Design ("DPD", "we", "us", "our"). The App is a B2B list-management tool that lets a merchant's sales representatives and logged-in business buyers create and manage saved product lists for reordering.
Contents
Part A — Terms of Service
1. Acceptance
By installing, accessing, or using the App, you ("Merchant", "you") agree to this Agreement. If you are accepting on behalf of a company, you represent that you are authorized to bind that company. If you do not agree, do not install or use the App.
2. The service and license
Subject to this Agreement, we grant you a non-exclusive, non-transferable, revocable license to use the App on your Shopify store(s) for your internal business purposes for as long as the App is installed and your fees are current.
3. Your responsibilities
You agree to:
- use the App in compliance with applicable laws and the Shopify Terms of Service and API/Partner terms;
- maintain your own privacy notice to your customers and obtain any consents you are legally required to obtain for the processing the App performs on your behalf;
- be responsible for the accuracy of the data in your store and for the actions of your staff and authorized users within the App;
- not misuse the App, attempt to circumvent its access controls or billing, reverse engineer it, or use it to infringe others' rights.
4. Fees and billing
The App is offered on the pricing described on its Shopify App Store listing, including any free trial. All fees are billed through Shopify's billing system under your Shopify account; we do not separately collect payment card details. Fees are charged in advance on a recurring basis and are non-refundable except as required by law or as expressly stated on the listing. We may change pricing prospectively; changes apply on your next billing cycle and are subject to Shopify's approval/notification requirements.
5. Term and termination
This Agreement is effective while the App is installed. Either party may terminate at any time: you by uninstalling the App; we by discontinuing the App or for your breach of this Agreement. On termination, your license ends and we delete your data as described in the Data Processing Addendum and our Privacy Policy. Sections that by their nature should survive termination (e.g., disclaimers, limitation of liability, governing law) survive.
6. Intellectual property
The App, including all software, design, and content we provide, is owned by DPD and its licensors. This Agreement grants no rights other than the limited license in Section 2. Data you and your customers create in the App ("Merchant Data") remains yours.
7. Disclaimers
The App is provided "as is" and "as available" without warranties of any kind, express or implied, including merchantability, fitness for a particular purpose, and non-infringement. We do not warrant that the App will be uninterrupted, error-free, or that it will meet your requirements. The App depends on the Shopify platform and other third-party services that are outside our control.
8. Limitation of liability
To the maximum extent permitted by law, DPD will not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or goodwill. Our total aggregate liability arising out of or relating to this Agreement will not exceed the greater of (a) the fees you paid for the App in the twelve (12) months preceding the event giving rise to the claim, or (b) USD 100.
9. Indemnification
You will indemnify and hold DPD harmless from claims arising out of your use of the App in violation of this Agreement or applicable law, including your handling of your customers' data outside the App.
10. Changes to this Agreement
We may update this Agreement from time to time. We will revise the "Last updated" date and post the new version at the published URL. Your continued use of the App after changes take effect constitutes acceptance.
11. Governing law
This Agreement is governed by the laws of the State of California, United States, without regard to its conflict-of-laws rules. The parties submit to the courts located in Los Angeles County, California for any disputes, except that either party may seek injunctive relief in any court of competent jurisdiction.
12. Contact
Digital Project Design (DPD) — Digital Project Design LLC, 10441 Chaney Ave, Downey, CA 90241, USA — plm@digitalprojectdesign.com — https://www.digitalprojectdesign.com
Part B — Data Processing Addendum (DPA)
This DPA forms part of the Agreement and applies where DPD processes personal data of your customers and store visitors ("Customer Personal Data") on your behalf in connection with the App. In the event of a conflict between this DPA and Part A regarding the processing of Customer Personal Data, this DPA controls.
B.1 Roles
For Customer Personal Data processed through the App, you (the Merchant) are the data controller and DPD is the data processor. You are responsible for the lawfulness of the data and instructions you provide.
B.2 Scope and instructions
We will process Customer Personal Data only:
- to provide, maintain, and secure the App as described in the Agreement and our Privacy Policy;
- in accordance with your documented instructions, which include your configuration and use of the App and Shopify's standard data flows; and
- as required by applicable law (in which case we will inform you unless legally prohibited).
We will not use Customer Personal Data for our own purposes, will not sell it, and will not use it for advertising or profiling.
B.3 Details of processing
- Subject matter: provision of the App's list-management functionality.
- Duration: for as long as the App is installed, plus the limited deletion windows in Section B.7.
- Nature and purpose: storing and managing product lists created by a Merchant's logged-in buyers and sales representatives, and resolving B2B catalog/pricing context.
- Types of Customer Personal Data: a Customer's Shopify Customer identifier (ID/GID); the buyer's Shopify Company association (Company ID) for B2B scoping; and list content the user creates (list names, product/variant identifiers, quantities, timestamps, and an actor identifier recording who created or changed an item). We do not process customer names, email addresses, phone numbers, or postal addresses except where Shopify includes such identifiers within a mandatory compliance request, which we use only to fulfil that request.
- Categories of data subjects: the Merchant's logged-in customers / business buyers, and the Merchant's staff users who operate the App.
B.4 Security
We implement appropriate technical and organizational measures to protect Customer Personal Data, including encryption in transit (TLS) and at rest, per-Merchant database isolation, and least-privilege API access. These measures are described in Section 6 of our Privacy Policy.
B.5 Confidentiality
We ensure that personnel authorized to process Customer Personal Data are bound by appropriate confidentiality obligations.
B.6 Sub-processors
You authorize us to engage the following sub-processors, who are bound by data-protection obligations consistent with this DPA:
| Sub-processor | Purpose |
|---|---|
| Shopify Inc. | The platform the App runs on and the source of store/customer data |
| Cloudflare, Inc. | Application hosting (Workers) and database storage (D1) |
We will inform you of any intended changes to sub-processors and give you an opportunity to object on reasonable data-protection grounds.
B.7 Assistance, data-subject requests, and deletion
Taking into account the nature of the processing, we will assist you in meeting your obligations:
-
Data-subject requests. The App processes Shopify's mandatory compliance webhooks. On a
customers/data_request, we compile the list data we hold referencing the customer so you can respond. On acustomers/redact, we delete that customer's lists and items and anonymize residual audit references. -
Deletion on termination. When the App is uninstalled, Shopify issues a
shop/redactrequest (approximately 48 hours later), upon which we delete that store's entire dedicated database. We do not retain Customer Personal Data after this beyond what law requires. - Records and demonstrating compliance. We will make available to you the information reasonably necessary to demonstrate compliance with this DPA.
B.8 Personal data breaches
We will notify you without undue delay after becoming aware of a personal data breach affecting Customer Personal Data, and provide information reasonably available to us to help you meet your notification obligations.
B.9 International transfers
Customer Personal Data may be processed on Shopify's and Cloudflare's global infrastructure. We rely on our sub-processors' transfer safeguards for cross-border processing.
B.10 Liability
Each party's liability under this DPA is subject to the limitations of liability set out in Part A, Section 8.