Privacy Policy

Last updated 2026-05-17

1. Who we are

CheckoutPanda (“we”, “our”) is a checkout-replacement service for Shopify merchants. We act as a data processor for shopper data on behalf of merchants and a data controller for merchant account data.

Controller for purposes of GDPR for merchant accounts: CheckoutPanda. Contact: privacy@checkoutpanda.se.

2. What we collect

From shoppers (on behalf of merchants):

  • Contact: email, phone (optional), marketing opt-in state.
  • Delivery address: name, street, postal code, city, country.
  • Cart contents and pricing.
  • Payment authorization metadata (PSP reference, payment method type) — not raw card data; card data is processed directly by Adyen, Stripe, and Klarna.
  • Locale and IP address (used for rate limiting, fraud signals, and currency selection).

From merchants:

  • Account: email, name, Shopify store domain.
  • Integration credentials: Adyen / Stripe / Klarna API keys, Shopify admin tokens (stored at rest in our database; encryption-at-rest is provided by our DB host).
  • Billing: Stripe customer ID, subscription state.

3. Why we collect it

  • To complete the checkout and create the corresponding order in Shopify.
  • To enable post-purchase upsells where the merchant has configured them.
  • To enable the merchant to issue refunds, view analytics, and operate their store.
  • To meet legal obligations (tax, accounting, fraud prevention).
  • To protect the service from abuse (rate limiting, signature verification).

4. Legal basis (EU/EEA)

For shoppers, our processing is performed on behalf of the merchant under their lawful basis (typically performance of a contract — completing the purchase — or legitimate interest for fraud prevention and analytics). For merchants, our processing of account data is performed on the basis of performance of a contract with the merchant.

5. Sub-processors

We rely on the following sub-processors. Each is contractually bound to GDPR-equivalent terms:

  • Vercel (US) — application hosting.
  • Supabase (EU) — Postgres database.
  • Upstash (EU) — Redis for rate limiting.
  • Adyen (NL) — payment processing.
  • Stripe (US/IE) — payment processing & merchant subscription billing.
  • Klarna (SE) — payment processing.
  • Resend (US) — transactional email.
  • Shopify (CA) — merchant store integration.
  • Google (US) — address autocomplete.

6. Retention

  • Completed checkout sessions and orders: kept while the merchant is active, then for 7 years for tax purposes (EU standard) or as required by local law, whichever is longer.
  • Abandoned/pending sessions: 90 days, then deleted.
  • Merchant account data: kept while the account is active, then 60 days after cancellation for billing reconciliation, then deleted.

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of that data.
  • Object to or restrict processing.
  • Receive your data in a portable format.
  • Lodge a complaint with your local supervisory authority (in Sweden: Integritetsskyddsmyndigheten).

To exercise these rights, contact the merchant whose checkout you used — they are the controller of your purchase data. For account-level requests, email privacy@checkoutpanda.se.

8. Security

All traffic is TLS-encrypted in transit. Card data never touches our servers — it goes directly from the buyer's browser to Adyen, Stripe, or Klarna. Database storage is encrypted at rest. Webhook payloads are HMAC-verified. Access to merchant data is scoped by merchant ownership at the API layer.

9. Changes to this policy

We'll update the “Last updated” date at the top whenever this policy changes. For material changes we'll notify merchants by email.

This document is a baseline template provided in good faith and is not legal advice. Merchants should consult a qualified lawyer for their own jurisdiction.