Data Processing Addendum (DPA)
This page summarizes processing roles, sub-processors, and security controls for ACP Feed Optimizer.
Controller: Merchant/store owner.
Processor: ACP Feed Optimizer.
Purpose: product feed analysis, optimization, and reporting for merchant-owned catalogs.
Security Measures
- TLS in transit for API and dashboard traffic.
- Encrypted token storage for provider and platform secrets.
- Least-privilege Shopify OAuth scopes (read-first flow).
- Row-level store isolation in database access.
Sub-processors
- Supabase (data storage and authentication infrastructure).
- OpenAI / Anthropic / Google Gemini (only when configured by merchant).
- Stripe (billing and subscription operations).
- Resend (transactional email delivery, if enabled).