FROM CACHE - en_header
Promotion image

Law 25 compliance with third party ( app developer)

Law 25 compliance with third party ( app developer)

Farah2025
Tourist
3 0 1
‎05-28-2025 05:22 PM

Helloo community,

 

I am glad to learn we can reach out there to ask support. I am trying to launch a company and I am stuck at a critical stage! I need to download an app that will help me upload images. However law 25, in Québec request formal contract with a third party if data is being transferred abroad. Now issue is i can not find any local app developer in shopify who store data in quebec and all the one I spoke to are refusing to have any formal contract with me saying, they have one with shopify. Now I need to know being shopify client, am I protected under shopify DPA?

 

Any kinds of help will be appreciated.

Labels:
761 Views
1 Like
Report
Replies 4 (4)

StevenT_A7
Explorer
156 13 17
‎05-28-2025 05:29 PM

Hi @Farah2025 , 

 

Based on your info i have reached to conclusion that :-

 

  • Yes, you are protected under Shopify’s DPA, but only for Shopify’s own services, not third-party apps.
  • Law 25 requires a formal contract (like a DPA) if personal data is transferred outside Québec.
  • If a third-party app refuses to sign a contract with you, you should not use it for handling personal data.
  • For uploading non-personal data (like product images), you’re likely okay.
  • To stay compliant:
  • Use Shopify-built apps (they fall under Shopify's DPA).
  • Avoid apps that process customer data without a contract.

Or use a custom uploader hosted in Canada with a proper DPA.

 

Thanks !

Steven Taylor
302-260-8345
749 Views
0 Likes
Report
In response to StevenT_A7

Farah2025
Tourist
3 0 1
‎05-28-2025 05:39 PM

Hi Steven, thank you so much for a prompt reply. Now I need to store clients pictures to make personalized magnets. I guess that falls in private dat!. When you say shopify built in apps what exactly you mean? Those app where there is a diamond next to it and says built for shopify? Are those covered under DPA? Can you give me an example?

 

Also, when toy say  use a custom uploader hosted in Canada with a proper DPA. what does that mean? Built my own app? Sorry can you please elaborate.

 

Thank you once again,

 

740 Views
0 Likes
Report
In response to Farah2025

StevenT_A7
Explorer
156 13 17
‎05-28-2025 06:05 PM

Hi @Farah2025 , 

 

To clarify, when I refer to "Shopify-built apps," I specifically mean those developed directly by Shopify, as opposed to apps created by third-party developers.

 

It's important to note that the "Built for Shopify" badge (indicated by a diamond icon) in the App Store signifies that an app meets certain quality standards, but it doesn't guarantee that it was developed by Shopify itself. These apps may still be from third-party developers and are not covered by Shopify’s Data Processing Addendum (DPA).

 

Examples of apps built by Shopify and thus covered under Shopify's DPA include:-

  • Shopify Email
  • Shopify Inbox
  • Shopify Flow
  • Shopify Translate & Adapt.

You can typically verify if an app is Shopify-built by checking the developer's name in the App Store, which will usually be listed as "Shopify." These apps are fully protected under Shopify’s privacy and security policies, including their DPA.

 

If you cannot find a suitable app that meets your requirements, an alternative solution would be to use or develop a custom uploader that ensures images are stored in Canada with a valid DPA. This approach would involve the following:

* Customers directly upload their photos to a secure server located in Canada.
* You (or a developer) integrate this custom uploader into your Shopify store.
* You establish a Data Processing Addendum directly with the hosting provider.

I hope this clarifies the distinction between Shopify-built and third-party apps, as well as an alternative solution for your needs.

Please let me know if you need any further clarifications.

Thanks !

Steven Taylor
302-260-8345
688 Views
0 Likes
Report
In response to StevenT_A7

Farah2025
Tourist
3 0 1
‎05-28-2025 10:10 PM

Hello again! 

 

Thank you for the clarification, I have reached out to few app developer  these pass few days but the issue is same ...data storage. I recommended canada base cloud but was told it can not be just any cloud but need to have I believe he said API. I hope i will find a solution soon. I'm surprised shopify does not offer a basic thing as upload. 

I do have one more question, so when people try 2 code and insert a basic upload option where are those images saved? Or the upload link isn't really uploadable unless programed to be stored to a cloud or something similar?!

641 Views
0 Likes
Report

Community Blog Articles

May '25.jpg
Celebrating our Members of May '25

June brought summer energy to our community. Members jumped in with solutions, clicked ...

By JasonH Jun 5, 2025
441285313-63bbef53-3fbe-4e8b-a706-5b37afa90468.png
Automate store operations with Shopify Academy & Coding with Jan

Learn how to build powerful custom workflows in Shopify Flow with expert guidance from ...

By Jacqui May 7, 2025
April 25.jpg
Highlighting our Members of April '25

Did You Know? May is named after Maia, the Roman goddess of growth and flourishing! ...

By JasonH May 2, 2025
Terms of Service Privacy Policy