Privacy Policy

Revoka — EU Withdrawal Button for Shopify

Last updated: April 2026

Revoka is a Shopify app by Timmgard GmbH that enables online stores to comply with the EU withdrawal button obligation per § 356a BGB and to issue the model withdrawal form. This privacy policy informs about the processing of personal data when using the app.

1. Data Controller

Timmgard GmbH, Kurhausstraße 78a, 53773 Hennef, Germany. Commercial Register: HRB 17527 (Amtsgericht Siegburg). VAT ID: DE359202464. Authorized Representative: S. Timm. Email: [email protected].

2. Overview of Data Processing

Revoka processes withdrawal and order data to fulfil the legal information, confirmation, and documentation obligations under § 356 and § 356a BGB and under Directive 2011/83/EU (as amended by 2023/2673). Processing is carried out on behalf of the merchant.

3. Data Collected

• Order number, email address, order date, customer name (for identification) • Withdrawal reason (voluntary, never mandatory) • IP address and user agent (exclusively for rate limiting in memory, not stored) • Generated model withdrawal PDF (timestamp, language, merchant data)

4. Legal Basis

• Art. 6(1)(c) GDPR (legal obligation of merchant to provide withdrawal process per § 356a BGB) • Art. 6(1)(f) GDPR (legitimate interest in abuse prevention via rate limiting) • Art. 6(1)(b) GDPR (contract performance)

5. Hosting & Processors

Data is processed exclusively on EU servers (Render Services, Frankfurt, Germany). No data transfer to third countries. A data processing agreement (DPA) per Art. 28 GDPR is in place with Render. Transactional emails are sent via Resend (certified under the EU-US Data Privacy Framework).

6. Retention

Withdrawal records are automatically deleted 6 months after completion. Upon uninstallation of the app, all shop data is completely deleted within 48 hours (customers/redact, shop/redact webhooks).

7. Security

• TLS encryption for all transfers • HMAC-signed state parameters preventing tampering • Rate limiting against abuse • Cross-shop isolation via shopId scoping on all queries • Honeypot fields against automated requests • Email verification on order lookup

8. Your Rights

Access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent (Art. 7(3)). Contact: [email protected]. Right to complaint with supervisory authority (LDI NRW).

9. Changes

We reserve the right to update this policy. The current version is always available at this URL.