Security and Data Summary
Public due-diligence summary for Kedalion GPSR.
This page summarizes data handling, storefront publication, and merchant responsibilities for Kedalion GPSR.
Product Scope
Kedalion GPSR is a Shopify disclosure-builder workflow. It stores merchant-entered product safety information, writes app-managed metafields, and supports storefront publication through a theme app block.
Data handled
- Shop domain, app session, and Shopify admin context needed to authenticate the merchant.
- Product identifiers, titles, handles, vendor values, and related Shopify product metadata needed for the queue and editor.
- Merchant-entered manufacturer, EU representative, warning, origin, document-link, and publication settings.
- Workflow metadata used to show gaps, saved state, and publication state.
Data not intended for the app
- Payment card data, passwords, private credentials, or unrelated customer-account content.
- Private legal advice, confidential supplier contracts, or complete internal product files that do not need to be published.
- Raw sensitive data in support emails unless Kedalion explicitly asks for a minimized example.
Platform dependency
The app depends on Shopify authentication, Shopify product APIs, Shopify metafields, the merchant's Shopify theme configuration, and standard hosting/database infrastructure used to operate the service.
Customer responsibilities
Merchants remain responsible for product safety evidence, legal review, supplier verification, document hosting, representative appointment, and final publication decisions.