Free Refund Policy Generator for Shopify Store — DPDPA Compliant

🇮🇳 Key DPDPA Requirements

India's Digital Personal Data Protection Act (DPDPA) 2023 is India's first comprehensive data protection law. It applies to processing of digital personal data within India and to processing outside India if it involves offering goods or services to individuals in India. Significant Data Fiduciaries face enhanced obligations, and the Data Protection Board can impose fines up to ₹250 crore.

• Obtain free, specific, informed, and unconditional consent before processing personal data
• Provide a clear and plain-language privacy notice before collecting data
• Process personal data only for specified lawful purposes
• Implement security safeguards and notify the Data Protection Board of breaches
• Honor data principal rights: access, correction, erasure, and grievance redressal
• Significant Data Fiduciaries must appoint a Data Protection Officer and conduct audits
• Parental consent required for processing data of children under 18

Shopify Store — Specific Considerations

Shopify stores operate under Shopify's platform terms, which means your store shares data with Shopify Inc. as a data processor. Shopify automatically installs tracking pixels, collects checkout abandonment data, and enables third-party apps — each of which may process customer data. Your privacy policy must disclose Shopify's role as a data processor and list all installed apps that access customer data.

Data typically collected by Shopify Store businesses: customer name, shipping and billing address, email, phone, payment details (via Shopify Payments), order history, browsing and checkout abandonment data, Shopify analytics

• Shopify as data processor disclosure
• Shopify Payments and third-party payment gateway data
• Installed apps with customer data access
• Shopify analytics and behavior tracking
• GDPR compliance for EU customers via Shopify's tools