Effective Date: 04-AUGUST-2024

This Data Protection Agreement (“DPA”) is entered into by and between Ampyard Private Limited (“Company,” “we,” “our,” or “us”) and the merchant (“Merchant,” “you,” or “your”) who installs and uses the Risksumo Shopify extension.

1. Purpose and Scope

The purpose of this DPA is to outline the responsibilities and obligations of both parties concerning data protection.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
  • Sub-processor: Any third party engaged by the Company who processes Personal Data on behalf of the Company.

3. Data Processing

  • Types of Data: Merchant’s email, phone number, and address; customers’ email, phone number, and address.
  • Nature and Purpose: Evaluating order risks and providing insights to merchants.
  • Categories of Data Subjects: Merchants and their customers.

4. Sub-processing

We engage AWS as our cloud provider.

5. Security Measures

  • All our infrastructure is access-controlled and on a need-to-know basis.
  • We encrypt all our data both in rest and in transit.

6. Data Subject Rights

We do not store Personal Data but only process it as it arises. For any data requests, users can use standard Shopify procedures to request their data.

7. Data Breach Notification

In the event of a data breach, we will put a notice on our website and inform the affected parties.

8. Data Retention and Deletion

We do not store Personal Data but only process it as it arrives. Therefore, data retention is not applicable.

9. International Data Transfers

All data processing infrastructure is located in the United States of America.

10. Term and Termination

  • Duration: This DPA remains in effect for as long as the Merchant uses the Risksumo app.
  • Termination: Either party can terminate the agreement with a 30-day notice period or immediately in case of a significant breach of the agreement.

11. Contact Information

For data protection inquiries, please contact:

Data Protection Officer:
Vivek Ganesan
Email: vivek.ganesan@ampyard.com