Privacy & Data Protection
What data Lærke PC Builder processes, how long we keep it, how it's protected, and what choices merchants and shoppers have.
Last updated 2026-05-28
Lærke PC Builder is a configurator app embedded in Shopify and on Shopify storefronts. It is operated by Spartahive.
Roles
The Shopify merchant who installs the app is the data controller for their store's data. Spartahive acts as a data processor on the merchant's behalf, under a Data Processing Agreement that is part of the app's terms of service.
What we process
| Category | Examples | Source |
|---|---|---|
| Catalogue data | Products, variants, prices, inventory levels and the metafields you map to components — read to render the builder and price a build. | The merchant's Shopify store, via the Admin API. |
| App configuration | Component groups, compatibility rules, price rules, configurators and branding settings you create. | Entered by the merchant in the app admin. |
| Build data | A saved build: the chosen variant identifiers, computed per-line prices and slot labels, under a random build identifier. No shopper name, email or address. | Generated when a shopper assembles a build. |
| Order outcome data | When an order is placed through the configurator: the order identifier, order total and the revenue-share amount, used to bill the merchant. No customer name, email, address or payment details are stored. | Shopify, via the order webhook. |
| Operational metadata | Timestamps, usage counts, audit log entries, error events. | Generated by the app itself. |
The app does not store shopper personal data, track or profile shoppers across sessions, set advertising cookies, or sell data to third parties. A build is added to the cart with hidden line properties (a build identifier, a price breakdown and a signature) so the build can be priced correctly at checkout — these are not personally identifying.
How we use the data
- Render the configurator and offer compatible parts.
- Price each build according to the merchant's rules.
- Create a draft order or a cart bundle so the build can be purchased through Shopify checkout.
- Bill the merchant's revenue share through Shopify on orders that include a configured build.
Sub-processors
| Category | Purpose | Region |
|---|---|---|
| Shopify International Ltd. | App platform, product, inventory and order data APIs. | EU / global |
| EU hosting provider | Server hosting and encrypted database storage. | EU |
Retention
| Data | Retention |
|---|---|
| App configuration & saved builds | Kept while the app is installed. Deleted when the app is uninstalled and Shopify sends the shop/redact webhook. |
| Order outcome / billing records | Kept for the period required to support billing and accounting, then deleted with the rest of the shop's data on shop/redact. |
| GDPR data requests | Handled through Shopify's customers/data_request and customers/redact webhooks. |
Security
In transit
All traffic between the shopper, the storefront, the app server and Shopify is encrypted with TLS.
At rest
The app's database runs on EU-hosted, encrypted storage and is not accessible outside the application.
Access control
Production access is limited to named Spartahive operators. The operator console is protected by per-user accounts with hashed passwords, and administrative actions are recorded in an audit log.
Shopper rights (GDPR)
Because the merchant is the data controller, shoppers exercise their rights through the merchant, using Shopify's standard customers/data_request and customers/redact flows. The app does not hold shopper personal data outside Shopify, so a redaction request requires no additional deletion on our side; we participate in both flows and log the request.
Contact
Privacy questions and DPA requests: laerke@spartahive.com.