About This Page

Learn how CartDNA processes merchant and customer information for Shopify stores, including what we collect, how we use it, storage safeguards, and your rights. This page aligns with PCI DSS and GDPR best practices.

Last updated: February 2026

Overview of Merchant & Customer Information for Shopify

CartDNA operates as a bridge between Shopify merchants and a diverse range of payment providers. To enable smooth payment flows and customer experiences, we process limited and purpose-built merchant and customer data. We minimize data collection and uphold strict privacy standards to reduce risk while ensuring functionality and compliance.

Merchant Data We Handle

  • Store identifiers and Shopify domain
  • App configuration, API credentials, and payment routing preferences
  • Transaction metadata, payment statuses, and settlement references
  • Support interactions and audit logs for diagnostics

Customer Data We Handle

  • Essential checkout data like name, email, and shipping address
  • Payment tokens and authorization results from providers
  • Device and fraud signals strictly for risk evaluation
  • No storage of raw card numbers; tokenized processing only

Data We Don’t Collect or Store

  • Raw payment card numbers (PANs), CVV/CVC
  • Unnecessary sensitive personal data not required for checkout
  • Buyer passwords or Shopify admin credentials

How We Collect and Use Data

We only collect data necessary to process payments, prevent fraud, and provide support for Shopify merchants and customers.

Collection

Data enters via Shopify APIs, checkout webhooks, and secure redirects from payment providers during authorization and capture flows.

Usage

We use data to route payments, reconcile transactions, power fraud checks (e.g., 3DS, velocity), and surface insights for support and operations.

Storage

Data is encrypted at rest (AES‑256) and segregated logically. Retention aligns with legal, settlement, and support needs, followed by secure purge.

Transparency

We document data flows and can provide a region-specific compliance overview on request.

Data Security & Compliance for Shopify Payments

Security is embedded throughout our stack with strict segregation, encryption, and observability. We apply least-privilege access, rotate credentials, and maintain continuous monitoring. Our practices align with PCI DSS for payment security and GDPR for privacy, enabling merchants to meet regional regulatory obligations.

Robust Encryption

TLS/HTTPS in transit, AES-256 at rest, tokenized PAN handling, and HSM-backed provider keys.

Fraud Controls

Device signals, velocity checks, 3DS flows, and adaptive risk scoring to reduce chargebacks.

Compliance Aligned

PCI DSS handling for payment data and GDPR-compliant processing across regions.

Data Retention

We retain transaction records and audit logs for legal, settlement, and support purposes, then purge or archive per policy.


Access & Control

Strict role-based access, multi-factor authentication, and peer-reviewed changes for operational safety.

Note

We collaborate with payment providers and merchants to keep configurations current and secure. Reach out for a compliance overview tailored to your region.

Your Rights & Controls

Under GDPR and similar privacy regulations, data subjects (your customers) have rights we help merchants fulfill:

Customer Rights

  • Access and portability of personal data
  • Correction and deletion (where applicable)
  • Objection or restriction of processing

Merchant Controls

  • Configuration dashboards for data flows
  • Audit logs and support tooling
  • Configurable retention windows (where supported)

Privacy & Support

CartDNA Team

We provide workflows and guidance to help merchants respond to access and deletion requests quickly and securely.

Benefits for Merchants & Customers

With CartDNA, merchants gain access to flexible payment orchestration, optimized conversion, and reduced operational overhead. Customers benefit from localized payment options, secure checkout, and faster issue resolution.

Boosted Conversion

Smart routing, local payment methods, and frictionless flows increase checkout success.

Operational Efficiency

Unified configuration and observability reduce manual work and errors.

Customer Trust

Privacy-first handling and secure payments build long-term loyalty.

Ecommerce Director

Global Retail Brand

CartDNA helped us launch alternative payments across regions without redeploying our checkout. Their privacy approach made stakeholder reviews straightforward.

Frequently Asked Questions

Do you store card numbers?

No. We process tokenized payment data provided by payment processors and never store raw PANs.

How is customer privacy protected?

We apply data minimization, encryption, regulated data access, and GDPR-aligned processing with user rights respected.

Can CartDNA support regional payment methods?

Yes. We integrate with various providers and methods to match customer preferences across regions.