Privacy & Data Handling

Table of Contents

Last Updated: February 6, 2026

Overview
#

This page provides detailed information about how Abnoba LLC handles, protects, and processes personal data in connection with the Altera services. It complements our Privacy Policy and provides additional technical and operational details relevant to data protection compliance.

Our Commitment to Privacy
#

At Abnoba, we are committed to:

Transparency in how we collect and use data
Security through industry-leading technical measures
Compliance with global privacy regulations
User Control over personal data
Data Minimization - collecting only what’s necessary

Data Processing Principles
#

We adhere to the following principles in all data processing activities:

1. Lawfulness, Fairness, and Transparency
#

We process data lawfully, fairly, and in a transparent manner. Our legal bases for processing include:

Contract performance (providing the Altera services)
Legitimate interests (improving services, security)
Legal obligations (compliance with applicable laws)
Consent (where required by law)

2. Purpose Limitation
#

We collect data for specific, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.

3. Data Minimization
#

We collect only the data necessary to provide the Altera services and fulfill our legal obligations.

4. Accuracy
#

We take reasonable steps to ensure personal data is accurate and kept up to date.

5. Storage Limitation
#

We retain data only as long as necessary for the purposes for which it was collected.

6. Integrity and Confidentiality
#

We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, or destruction.

7. Accountability
#

We take responsibility for compliance with data protection principles and can demonstrate our compliance.

What Data We Collect
#

Account Data
#

Email address
Name
Company name
Shopify store URL
Payment information (processed by our payment provider)

Shopify Store Data (Processed on Your Behalf)
#

When you use Altera to import or export data, we temporarily process:

Products and variants
Customers
Orders
Inventory
Collections
Discounts
Metafields and metaobjects
Blog posts and pages
Other Shopify store data you choose to import/export

Important: This data is processed only at your direction and is not used for any other purpose.

Usage Data
#

Log data (access times, features used, errors encountered)
Performance data (operation completion times, success rates)
Device and browser information

Support Data
#

Support ticket contents
Communications with our support team

How We Use Data
#

Primary Uses
#

Service Delivery: To provide the import/export functionality
Service Improvement: To identify and fix bugs, improve performance
Customer Support: To respond to your questions and issues
Security: To detect and prevent fraud, abuse, and security incidents
Legal Compliance: To comply with applicable laws and regulations

We Do NOT:
#

Sell your data to third parties
Use your Shopify store data for advertising
Share your data except as described in our Privacy Policy and DPA
Process your data for purposes other than those described

Data Processing Lifecycle
#

1. Collection
#

Data is collected when you:

Register for an Altera account
Connect your Shopify store
Initiate import or export operations
Contact customer support

2. Processing
#

During import/export operations:

Data is temporarily stored in encrypted databases
Transformations are applied as needed (format conversions, validation)
Data is transferred to/from Google Sheets (if selected)

Processing Duration: Typically completed within minutes to hours, depending on data volume.

3. Retention
#

Temporary Processing Data: Deleted within 30 days of operation completion
Account Data: Retained while your account is active
Logs and Analytics: Retained for 90 days for security and operational purposes
Legal/Compliance Data: Retained as required by law

4. Deletion
#

Data is deleted when:

You delete your account (within 30 days)
Retention periods expire
You request deletion (subject to legal retention requirements)

Security Measures
#

We implement comprehensive security measures to protect your data:

Technical Measures
#

Encryption:

Data in transit: TLS 1.2 or higher encryption for all connections
Data at rest: AES-256 encryption for stored data
Encryption keys managed separately from data

Access Controls:

Role-based access control (RBAC)
Multi-factor authentication (MFA) required for team access
Principle of least privilege
Regular access reviews

Network Security:

Firewalls
DDoS protection (provided by GCP infrastructure)

Application Security:

Secure development lifecycle
Regular code reviews
Automated security testing

Infrastructure Security:

Hosting with SOC 2 Type II certified providers (GCP)
Physical security controls at data centers (provided by GCP)
Redundant systems and geographic distribution (provided by GCP)

Organizational Measures
#

Governance:

Designated Data Protection Contact
Privacy by design and by default
Data protection impact assessments for high-risk processing
Regular policy reviews and updates

Personnel:

Confidentiality agreements
Clear data handling procedures

Vendor Management:

Security assessments of all Sub-processors
Contractual data protection obligations
Regular Sub-processor audits
Maintained Sub-processor list

Incident Response:

Documented incident response plan
Breach notification procedures compliant with GDPR

International Data Transfers
#

Altera operates globally, which may involve transferring data across borders.

Transfer Mechanisms
#

For transfers from the EEA/UK/Switzerland to third countries:

Standard Contractual Clauses (SCCs): EU SCCs 2021 - see our SCCs page
Supplementary Measures: Additional technical and organizational safeguards
Transfer Impact Assessment: Regular assessment of transfer risks - see our TIA page

Primary Processing Locations
#

United States: Primary data processing location
Canada: Shopify API access (adequacy decision)

Your Rights
#

Under applicable data protection laws (including GDPR), you have the following rights:

1. Right to Access
#

Request a copy of your personal data we hold.

2. Right to Rectification
#

Request correction of inaccurate or incomplete data.

3. Right to Erasure (“Right to be Forgotten”)
#

Request deletion of your personal data, subject to legal retention requirements.

4. Right to Restriction of Processing
#

Request that we limit how we use your data.

5. Right to Data Portability
#

Request your data in a structured, machine-readable format.

6. Right to Object
#

Object to processing based on legitimate interests.

7. Right to Withdraw Consent
#

Where processing is based on consent, withdraw it at any time.

8. Right to Lodge a Complaint
#

File a complaint with your supervisory authority.

Exercising Your Rights
#

To exercise any of these rights, contact us at privacy@getaltera.com. We will respond within:

30 days for most requests
1 month for GDPR requests (extendable by 2 months for complex requests)

Data Breach Procedures
#

In the event of a data breach:

Detection: Security monitoring systems alert our team
Assessment: We evaluate the scope, impact, and risk
Containment: Immediate action to stop the breach
Notification:
- Customers notified within 72 hours for GDPR-scope breaches
- Supervisory authorities notified as required by law
- Individual data subjects notified if high risk to their rights
Remediation: Fix vulnerabilities and prevent recurrence
Documentation: Full incident report and lessons learned

Compliance and Certifications
#

Current Compliance
#

GDPR (General Data Protection Regulation - EU)
UK GDPR
CCPA/CPRA (California Consumer Privacy Act)
Shopify App Requirements

Data Protection Contact
#

Although Abnoba LLC is not required to appoint a Data Protection Officer (DPO) under GDPR Article 37, we have designated a Data Protection Contact as your point of contact for privacy matters. A DPO is not required because:

Abnoba is a private company, not a public authority or body (Article 37(1)(a))
Our core activities do not consist of processing operations that require regular and systematic monitoring of data subjects on a large scale (Article 37(1)(b)). Altera is a Shopify data import/export tool — we process store data temporarily on behalf of merchants, at their direction, and do not monitor data subjects.
Our core activities do not involve large-scale processing of special categories of data or data relating to criminal convictions (Article 37(1)(c))

Contact: Email: privacy@getaltera.com Response Time: Within 48 hours for urgent matters, 5 business days for standard inquiries

EU/UK Representative
#

We have appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

European Union (EU) — in accordance with GDPR Article 27
United Kingdom (UK) — in accordance with UK GDPR Article 27

If you want to contact us via our representative, or make use of your data subject rights, please visit the data subject rights portal.

Privacy by Design
#

We incorporate privacy considerations throughout our product development:

Privacy impact assessments for new features
Data minimization in system design
Security controls built into architecture
Default settings favor privacy
Regular privacy reviews

Third-Party Services
#

We use carefully selected Sub-processors to deliver our services. See our Sub-processor List for details.

All Sub-processors are required to:

Maintain GDPR-level data protection standards
Implement appropriate security measures
Process data only on our instructions
Assist with data subject rights requests

Children’s Privacy
#

Altera is not intended for use by anyone under 18 years of age. We do not knowingly collect data from children. If you become aware that a child has provided us with personal data, contact us immediately at privacy@getaltera.com.

Updates to This Page
#

We may update this page to reflect changes in our practices or applicable laws. Material changes will be communicated via:

Email notification to account holders
In-app notification
Notice on our website

Last Updated: February 6, 2026

Contact Us
#

For questions about our privacy and data handling practices:

Privacy & Data Protection Inquiries: privacy@getaltera.com

Support: support@getaltera.com

Mail: Abnoba LLC 7901 4TH St N, Suite 300 St. Petersburg, FL 33702

Overview#

Our Commitment to Privacy#

Data Processing Principles#

1. Lawfulness, Fairness, and Transparency#

2. Purpose Limitation#

3. Data Minimization#

4. Accuracy#

5. Storage Limitation#

6. Integrity and Confidentiality#

7. Accountability#

What Data We Collect#

Account Data#

Shopify Store Data (Processed on Your Behalf)#

Usage Data#

Support Data#

How We Use Data#

Primary Uses#

We Do NOT:#

Data Processing Lifecycle#

1. Collection#

2. Processing#

3. Retention#

4. Deletion#

Security Measures#

Technical Measures#

Organizational Measures#

International Data Transfers#

Transfer Mechanisms#

Primary Processing Locations#

Your Rights#

1. Right to Access#

2. Right to Rectification#

3. Right to Erasure (“Right to be Forgotten”)#

4. Right to Restriction of Processing#

5. Right to Data Portability#

6. Right to Object#

7. Right to Withdraw Consent#

8. Right to Lodge a Complaint#

Exercising Your Rights#

Data Breach Procedures#

Compliance and Certifications#

Current Compliance#

Data Protection Contact#

EU/UK Representative#

Privacy by Design#

Third-Party Services#

Children’s Privacy#

Updates to This Page#

Contact Us#

Related Documentation#