
Last Updated: June 19, 2026

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of, and is incorporated by reference into, the FormFlow Terms of Service between Lord Systems ("Processor," "FormFlow," "we," "us") and the merchant ("Controller," "you") for use of the FormFlow Shopify application. By accepting the Terms of Service, you agree to this DPA.

1. Roles

For personal data of your customers and form submitters processed through FormFlow, you are the Controller and FormFlow is the Processor, acting only on your documented instructions — your configuration of forms and destinations constitutes those instructions. For your own merchant account data, FormFlow is the Controller (see our Privacy Policy).

2. Subject Matter, Duration, Nature & Purpose

  • Subject matter: processing of form submission data to provide the FormFlow service.
  • Duration: the term of the Agreement, plus the retention window you configure (see §6) and any deletion timelines below.
  • Nature & purpose: storing submissions; routing them to the destinations you connect; applying marketing consent; and producing analytics.

3. Categories of Data Subjects and Personal Data

  • Data subjects: your customers and prospective customers who submit your forms.
  • Personal data: form field values (which may include name, email, phone, and postal address), submitter IP address and user-agent, and marketing-consent state. FormFlow does not require or intend to process special-category data; you must not collect it via forms without your own lawful basis.

4. Processor Obligations

FormFlow will:

  • process personal data only on your documented instructions;
  • ensure personnel authorized to process the data are bound by confidentiality;
  • implement the technical and organizational measures in §7;
  • assist you, taking into account the nature of processing, with data-subject requests and with your obligations under §8–9;
  • make available information necessary to demonstrate compliance and allow for audits per §11; and
  • delete or return the data per §12.

5. Sub-processors

You authorize FormFlow to engage sub-processors. Current sub-processors:

  • Infrastructure: Railway (hosting + PostgreSQL), Cloudflare R2 (file/export storage), Google Cloud KMS (encryption key management), Postmark (transactional email), Sentry (error monitoring), and SupportCore (support).
  • Merchant-directed destinations: the CRM/email/messaging/spreadsheet/ticketing services you connect are recipients you instruct FormFlow to send to.

FormFlow imposes data-protection terms on sub-processors no less protective than this DPA and remains liable for their performance. We will give notice of any new or replacement sub-processor by updating our sub-processor list and Privacy Policy and, for material changes, notifying you at least 14 days in advance; you may object on reasonable data-protection grounds within that window.

6. Retention

FormFlow deletes submissions after the retention window you set in Settings → Data & privacy (default 24 months; you may shorten it or opt into indefinite retention). Data is also deleted on a verified deletion request or on uninstall / shop redaction.

7. Security Measures

  • Encryption in transit: TLS/HTTPS enforced (HSTS).
  • Encryption at rest: database and backups encrypted at the storage layer; merchant credentials and access tokens additionally encrypted with AES-256-GCM under per-shop keys wrapped by Google Cloud KMS, with key destruction (crypto-shredding) on shop deletion.
  • Access control: least-privilege staff access to customer data, recorded in a customer-data access log.
  • Resilience, data-loss prevention, and incident response: maintained under our internal security and incident-response policies.

8. Personal Data Breaches

FormFlow will notify you without undue delay after becoming aware of a personal data breach affecting your data, with the information you need to meet your own notification obligations.

9. Assistance with Data-Subject Rights

FormFlow assists you in responding to data-subject access and erasure requests via Shopify's privacy webhooks: a data request compiles the customer's stored data and delivers it to your store contact; a deletion request erases the customer's submissions; and shop redaction erases all of your data.

10. International Transfers

FormFlow is operated on infrastructure hosted in the United States (Railway, Cloudflare). Where personal data of data subjects in the EEA, UK, or Switzerland is transferred cross-border, FormFlow relies on the European Commission's Standard Contractual Clauses (and the UK IDTA / Swiss addendum as applicable), and ensures its infrastructure sub-processors maintain equivalent transfer safeguards. This mirrors our Privacy Policy (§14).

11. Audits

FormFlow will make available to you information reasonably necessary to demonstrate compliance with this DPA. Where you require further assurance, FormFlow may satisfy audit requests by providing its then-current third-party security reports, certifications, or a completed security questionnaire in lieu of an on-site audit, no more than once per 12-month period (or following a personal-data breach affecting your data), subject to confidentiality.

12. Deletion or Return on Termination

On termination, FormFlow deletes your customers' personal data within 90 days, except where retention is required by law. Uninstalling triggers Shopify's shop/redact, which results in immediate full erasure plus per-shop encryption-key crypto-shredding.

13. Acceptance & Availability

This DPA is incorporated by reference into the FormFlow Terms of Service, which you accept when you install the App; accepting the Terms constitutes acceptance of this DPA. No separate signature is required. Merchants who require a countersigned copy may request one at privacy@lord.systems.

14. General

This DPA forms part of, and is governed by, the FormFlow Terms of Service. In the event of a conflict on matters of personal-data processing, this DPA controls; on all other matters, the Terms of Service control. Governing law, limitation of liability, and dispute resolution are as set out in the Terms of Service. This DPA is effective on the date you accept the Terms of Service or the "Last Updated" date above, whichever is later.

15. Contact Us

Lord Systems
Email: privacy@lord.systems
Web: lord.systems/contact


© 2026 Lord Systems. All rights reserved.
