Privacy Policy
Last updated: 29 June 2026
1. Introduction
Voidly ("we", "our", "us") is a Shopify application that helps merchants
comply with the EU consumer withdrawal directive 2023/2673. This Privacy
Policy explains how we collect, use, and protect personal data when
merchants and their customers interact with our application.
Voidly is operated by G2A STUDIO&LAB, a French simplified joint-stock
company (SAS), registered under SIREN 883 836 256, with its registered
office at 10 rue de Penthièvre, 75008 Paris, France. Intracommunity VAT
number: FR06 883 836 256.
Director: Guillaume Aït.
Contact: privacy@voidly.eu
2. Data we collect
From merchants:
- Shop name, domain, contact email
- Shopify access tokens (encrypted, never shared)
- Configuration settings (commercial window, branding, language)
From end customers:
- Order number and email address (to verify withdrawal requests)
- Withdrawal request content (selected items, optional reason)
- Submission timestamp (mandatory under EU directive 2023/2673)
3. How we use this data
- Process withdrawal requests on behalf of the merchant
- Send legally required acknowledgment of receipt emails
- Update order statuses and process refunds through Shopify Admin API
- Maintain an audit log for legal compliance purposes
- Provide customer support and improve the service
We do not sell personal data to third parties. We do not use personal
data for marketing.
4. Data sharing
We share data only with:
- Shopify (mandatory, to operate the app)
- Mailgun (transactional email delivery)
- Hosting providers (Vercel, within the EU)
All providers are GDPR-compliant and bound by data processing agreements.
5. Data retention
- Active withdrawal requests: retained for the duration of the merchant
subscription plus 3 years (legal requirement for consumer rights disputes)
- Merchant account data: retained until the merchant uninstalls the app,
then deleted within 90 days
- Email delivery logs: 6 months
6. Your rights (GDPR)
EU residents have the right to:
- Access their personal data
- Request rectification of inaccurate data
- Request deletion (subject to legal retention obligations)
- Restrict or object to processing
- Data portability
To exercise these rights: privacy@voidly.eu
You also have the right to lodge a complaint with the CNIL (Commission
Nationale de l'Informatique et des Libertés, France) or your local data
protection authority.
7. Security
- Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Shopify access tokens stored encrypted
- Regular security audits
- Access controls and audit logs
8. Cookies
The Voidly app does not use third-party tracking cookies. Session cookies
are used solely for app functionality.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will notify
merchants of significant changes via the app admin or by email.
10. Contact
For privacy-related questions or to exercise your rights:
privacy@voidly.eu
G2A STUDIO&LAB
10 rue de Penthièvre
75008 Paris, France
SIREN: 883 836 256
VAT: FR06 883 836 256