Privacy Policy

Last updated: July 9, 2026

1. Who we are

OrderPad ("the App", "we", "us") is an order assistant for sales agents, embedded in the Shopify admin. It is operated by GC Global Digital Services LLC, a Delaware limited liability company (600 N Broad Street, Suite 5, Middletown, DE 19709, United States). For any privacy matter, contact us at support@dro.wtf.

2. Scope and roles

The App is installed by Shopify merchants. For the personal data of a merchant's customers and staff, the merchant is the data controller and we act as a data processor / service provider, processing data only on the merchant's instructions to provide the App. For the merchant's own account data (store domain, contact email, subscription plan), we act as an independent controller for the purpose of operating and billing the App.

3. Data we process

We do not process payment card data. Payments and app billing are handled entirely by Shopify.

4. Purposes and legal bases (GDPR)

5. Sharing and subprocessors

We do not sell or share personal information for advertising, and we do not use it for profiling or training purposes. Data is shared only with the infrastructure providers strictly needed to run the App:

6. International transfers

Where data is transferred outside the EEA/UK (e.g. to the USA), we rely on appropriate safeguards: the EU Standard Contractual Clauses and, where the provider is certified, the EU–US Data Privacy Framework.

7. Retention and deletion

8. Security

All traffic is encrypted in transit (TLS). Data at rest is encrypted by our hosting providers. Shopify access is performed with short-lived, automatically rotated access tokens, and every App request from the Shopify admin is verified with signed session tokens. Access to production systems is limited to the operator.

9. Your rights (EEA/UK)

Subject to the GDPR, you may exercise the rights of access, rectification, erasure, restriction, portability and objection. If you are a customer of a store using the App, please direct your request to that store (the controller); we will assist the merchant in fulfilling it. You may also lodge a complaint with your local supervisory authority.

10. US privacy rights (CCPA/CPRA and state laws)

We act as a service provider for merchant customer data. We do not sell personal information, do not share it for cross-context behavioral advertising, and do not use sensitive personal information beyond providing the service. US residents may have rights to know, delete and correct their personal information and will not be discriminated against for exercising them. Requests can be made through the merchant whose store you interacted with, or via support@dro.wtf.

11. Cookies and local storage

The App does not use advertising or analytics cookies. It only uses essential browser storage: your language preference and, for the App owner, an administration key. The App runs inside the Shopify admin, whose cookies are governed by Shopify's own privacy policy.

12. Children

The App is a business tool and is not directed to individuals under 16.

13. Changes

We may update this policy; the date above reflects the latest version. Material changes will be communicated through the App or the listing.

14. Contact

GC Global Digital Services LLC · 600 N Broad Street, Suite 5, Middletown, DE 19709, United States · support@dro.wtf