Lexply is a Shopify app that helps merchants display EU product-compliance information (GPSR) on their stores. This policy explains what data the app handles and how.
Store data: your store's domain and a Shopify access token, required to operate the app (reading products, writing compliance metafields).
Merchant-entered business data: manufacturer and EU responsible-person business contact details (company name, business address, business email/phone), product identifiers and safety warnings. This information exists to be displayed publicly on your product pages, as EU law requires.
We do not collect or process your customers' personal data. Lexply never sees shopper names, addresses, emails, orders, or payment information. We use no advertising trackers. For site statistics we use Cloudflare Web Analytics, a privacy-first, cookieless service that collects only aggregate metrics (page views, referrers, country) — it sets no cookies, stores no IP addresses, and does not track or identify individuals.
Data is hosted on Vercel (application) and Neon (database), encrypted in transit (TLS) and at rest. Our subprocessors are Vercel Inc., Neon Inc., Shopify Inc., and Cloudflare Inc. (DNS, email routing, and cookieless analytics).
When you uninstall Lexply, your access token is invalidated immediately and all stored shop data is permanently deleted no later than 48 hours after Shopify's shop/redact notice. You may also request deletion at any time at the email below. We honor all of Shopify's mandatory GDPR webhooks.
Under the GDPR and similar laws you may request access, correction, or erasure of data we hold for your store. Contact support@lexply.com — we respond within 30 days.
We will post any changes to this policy on this page with an updated effective date.
Questions: support@lexply.com