Skip to main content
— Concept walkthrough

GDPR for digital downloads

Under GDPR, your shop is the data controller and Alva Apps is the processor. Alva holds the customer email and name attached to each Shopify order, the order ID, license keys assigned post-purchase, and a per-attempt download log (IP, user agent, timestamp). This article is informational and is not legal advice — talk to a privacy lawyer for jurisdictional specifics. Below is the honest summary of what's stored, where it sits, and how to handle a data-subject request.

Last updated · May 6, 2026 Read time · 4 min Author ·

What Alva stores about your customers

  • Customer email and name — copied from the Shopify order when orders/paid fires.
  • Order references — Shopify order ID, order number, and the line items that mapped to digital files or license keys.
  • Download usage logs — each download attempt writes a row with IP address, user agent, timestamp, and the requested file. Powers fraud limits and the per-customer log export.
  • License-key assignments — the specific key value issued to each customer, stored on PurchaseLicenseKey.
  • Email logs — which delivery emails Alva sent (subject, recipient, send timestamp).

Alva does not store payment details, shipping addresses, or anything Shopify doesn't pass through the order webhook.

Where the data lives

Customer rows, purchase records, license keys, download logs, and email logs sit in a PostgreSQL database hosted on Heroku. Uploaded product files sit in Cloudflare R2. Outbound delivery emails route through Postmark or MailerToGo depending on plan and custom-domain status. The current subprocessor list and international-transfer mechanism are in Alva's privacy policy — read that alongside this article.

Customer data-export request (Article 15)

Shopify fires a customers/data_request webhook to Alva when a merchant submits a request through the Shopify admin. Alva is registered for that topic (in shopify.app.toml under compliance_topics) and acknowledges every fire, but the export itself is generated manually rather than auto-emailed. Forward the customer email and order ID to digitaldownloads@alvaapps.com and we'll return the matching rows within 30 days.

For most cases the data is already reachable: the order detail page shows the customer email, license keys, and download log; Settings → Download log exports a per-customer CSV. Combined with Shopify's own customer export, that typically satisfies an Article 15 request without involving Alva support.

Screenshot needed

Shopify Partners admin → App configuration → Compliance webhooks panel showing the three registered topics (customers/data_request, customers/redact, shop/redact) for Alva Digital Downloads. Or alternatively a redacted sample CSV row from the Download log export. Browser chrome cropped out, no real merchant data visible.

Shopify's compliance webhooks panel — Alva is registered for all three topics.

Customer data-delete request (Article 17)

Right-to-erasure runs through Shopify's customers/redact webhook, which Shopify fires 60 days after the controller marks a customer for redaction — a standard delay window covering open chargebacks and refund flows. Alva is registered for the topic and on receipt we redact the matching Customer, Purchase, PurchaseLicenseKey, DownloadLog, and EmailLog rows for that customer email.

What gets deleted: personal identifiers, download-log rows, and email-log rows. What stays: aggregate counters and the underlying product files you uploaded — those are your data, not the customer's. To trigger a redact outside Shopify's flow, email support with the customer email and order numbers.

Shop-data delete request (uninstall)

The shop/redact topic and a full uninstall both wipe everything tied to the shop. Mechanics, what survives, and how to back up first are covered in What happens if I uninstall Alva Digital Downloads.

Frequently asked questions

Does Alva have a Data Processing Agreement (DPA)?

Yes. Email digitaldownloads@alvaapps.com and we'll send a signed DPA naming Alva Apps as processor and your shop as controller. The DPA references the subprocessors listed in the privacy policy and Standard Contractual Clauses for international transfers.

How long does Alva keep customer data after an order ships?

Customer email, order metadata, license-key assignments, and download-usage logs are retained for the lifetime of your installation. They are deleted only when you uninstall the app or when you submit a redact request for that customer. There is no automatic time-based purge.

Where is the data physically stored?

Order records and download logs sit in PostgreSQL on Heroku. Uploaded files sit in Cloudflare R2. Outbound emails are sent through Postmark or MailerToGo. The current subprocessor list is in the privacy policy at /privacy-policy.html.

See also

Billing & plans

What happens if I uninstall Alva

The full uninstall path — what gets deleted, what stays, and how to prepare.

 Billing & plans

Which features require a paid plan

DPAs and custom email domains live on the paid tiers — quick reference.

 Fraud & security

Audit fraud decisions with the fraud action log

The download log isn't the only audit surface — fraud actions are logged separately.

Was this helpful?

Still stuck? Email us.

Last updated 2026-05-06