Last Updated: February 6, 2026
Overview#
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Abnoba LLC (“Abnoba”, “we”, “us”, or “Processor”) and you (“Customer” or “Controller”) for the use of Altera (the “Services”).
This DPA reflects the parties’ agreement with regard to the processing of Personal Data in accordance with the requirements of Data Protection Laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
1. Definitions#
1.1 In this DPA, the following terms shall have the meanings set out below:
- “Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
- “Data Protection Laws” means all applicable laws and regulations relating to privacy and data protection, including GDPR.
- “Data Subject” means the identified or identifiable person to whom Personal Data relates.
- “Personal Data” means any information relating to an identified or identifiable natural person that is processed by Abnoba on behalf of Customer in connection with the Services.
- “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
- “Processor” means the entity which Processes Personal Data on behalf of the Controller.
- “Sub-processor” means any Processor engaged by Abnoba to Process Personal Data.
2. Scope and Roles#
2.1 Relationship of the Parties
Customer is the Controller of Personal Data, and Abnoba is the Processor. Abnoba shall Process Personal Data only on documented instructions from Customer, except where required to do so by applicable law.
2.2 Customer’s Processing Instructions
Customer instructs Abnoba to Process Personal Data for the following purposes:
- Providing the Altera import and export services
- Maintaining and improving the Services
- Customer support
- As further documented in the Terms of Service
2.3 Nature and Purpose of Processing
The nature and purpose of Processing, the types of Personal Data, and categories of Data Subjects are described in Annex I to this DPA.
3. Processor Obligations (Article 28 GDPR)#
3.1 Compliance with Instructions
Abnoba shall:
- Process Personal Data only on documented instructions from Customer
- Ensure that persons authorized to Process Personal Data are subject to confidentiality obligations
- Immediately inform Customer if instructions violate applicable Data Protection Laws
3.2 Security Measures
Abnoba shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of Personal Data in transit and at rest
- Measures to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems
- Regular testing and evaluation of the effectiveness of security measures
- Procedures for regular backup and restoration of Personal Data
3.3 Sub-processors
Abnoba may engage Sub-processors to assist in providing the Services. Customer grants general authorization for Abnoba to engage Sub-processors, subject to:
- Maintaining a current Sub-processor List
- Providing at least 30 days’ notice of any new Sub-processor
- Ensuring Sub-processors are bound by data protection obligations equivalent to this DPA
3.4 Data Subject Rights
Abnoba shall, to the extent legally permitted, assist Customer in responding to requests from Data Subjects to exercise their rights under Data Protection Laws, including:
- Access
- Rectification
- Erasure
- Data portability
- Restriction of processing
- Objection to processing
3.5 Data Breach Notification
Abnoba shall notify Customer without undue delay (and in any event within 72 hours) after becoming aware of a Personal Data breach affecting Customer’s Personal Data.
3.6 Assistance with Compliance
Abnoba shall assist Customer in ensuring compliance with obligations concerning:
- Security of processing
- Data protection impact assessments
- Prior consultation with supervisory authorities
3.7 Deletion or Return of Data
Upon termination of the Services, Abnoba shall, at Customer’s choice, delete or return all Personal Data to Customer and delete existing copies, unless retention is required by applicable law.
3.8 Audits and Inspections
Abnoba shall make available to Customer information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer.
4. International Data Transfers#
4.1 Standard Contractual Clauses
To the extent Abnoba Processes Personal Data that is subject to GDPR and such Processing involves a transfer of Personal Data outside the European Economic Area (EEA), the parties agree to be bound by the Standard Contractual Clauses.
4.2 Transfer Impact Assessment
Abnoba has conducted a Transfer Impact Assessment (TIA) to evaluate the risks associated with international data transfers. A summary of this assessment is available on our Transfer Impact Assessment page.
5. Liability and Indemnification#
5.1 Each party’s liability arising out of or related to this DPA shall be subject to the limitations of liability set forth in the Terms of Service.
5.2 Customer shall indemnify and hold Abnoba harmless from any claims brought by Data Subjects or regulatory authorities arising from Customer’s violation of this DPA or applicable Data Protection Laws.
6. Term and Termination#
This DPA shall remain in effect for as long as Abnoba Processes Personal Data on behalf of Customer. The terms of this DPA shall survive termination of the Terms of Service to the extent necessary to comply with Data Protection Laws.
7. General Provisions#
7.1 Governing Law
This DPA shall be governed by the same governing law as specified in the Terms of Service.
7.2 Amendments
Abnoba may amend this DPA from time to time to comply with changes in Data Protection Laws. Material changes will be communicated to Customer with at least 30 days’ notice.
7.3 Conflict
In the event of any conflict between this DPA and the Terms of Service, this DPA shall prevail to the extent of the conflict.
Annex I: Details of Processing#
Nature and Purpose of Processing#
Processing is necessary to provide the Altera import/export services for Shopify stores, including:
- Importing and exporting store data (products, customers, orders, etc.)
- Temporary storage and transformation of data during import/export operations
- Integration with Google Sheets and Google Drive
Duration of Processing#
For the duration of the customer’s subscription to the Services, plus any retention period required by law or the Terms of Service.
Types of Personal Data#
- Customer data (names, email addresses, phone numbers)
- Order data (shipping addresses, order details)
- Product data (descriptions, images, pricing)
- Other Shopify store data as selected by Customer for import/export
Categories of Data Subjects#
- Customers of the Shopify store
- Store administrators and employees
- Vendors and suppliers (where applicable)
Special Categories of Data#
Abnoba does not intentionally Process special categories of Personal Data. Customer must not use the Services to Process such data without prior written agreement.
Contact Information#
For questions about this DPA or data processing practices, contact:
Abnoba LLC Email: privacy@getaltera.com