Skip to main content
If you operate in the EU or handle data of EU residents, the following applies to how BackupMaster processes personal data.

Data controller and processor roles

You remain the data controller for your customers’ personal data. BackupMaster acts as a data processor, processing data only as needed to deliver the backup service.

Data Processing Agreement (DPA)

The Data Processing Addendum covers how BackupMaster processes personal data on your behalf.

Personal data in backups

Backups may contain personal data such as customer names, emails, and order details. This data is encrypted at rest using AES-256 encryption and in transit using TLS. For full details on how BackupMaster secures your data, see Security overview.

Data deletion on uninstall

When you uninstall BackupMaster, your backup data is permanently deleted after a retention period. See Data retention for details.

Shopify compliance webhooks

Shopify requires all apps to handle mandatory compliance webhooks. BackupMaster subscribes to the following webhooks:
  • customers/data_request — when a customer requests their stored data, BackupMaster processes the request and provides the relevant data
  • customers/redact — when a store owner requests deletion of a customer’s data (including GDPR right to erasure requests), BackupMaster removes the specified customer data from backups within 30 business days
  • shop/redact — sent 48 hours after you uninstall BackupMaster, triggering deletion of all store data from BackupMaster’s servers
For any data deletion requests that fall outside of Shopify’s webhook process, contact support at support@backupmaster.io.

Need help?

If you have questions or need assistance, the support team is here to help. Reach out at support@backupmaster.io.