Privacy Policy
Please note: This is a courtesy translation. Only the German version of this privacy policy is legally binding. In case of any discrepancies, the German version prevails.
1. Overview
General Information
The following information provides a simple overview of what happens to your personal data when you visit our website (gaponik.com) or use our Shopify app Idealo EasyConnect. Personal data is any data that can be used to personally identify you.
This privacy policy is divided into two parts:
- Part A covers visits to our website (gaponik.com),
- Part B covers the use of our Shopify app Idealo EasyConnect.
Information on the Responsible Party
The party responsible for processing within the meaning of the GDPR is:
UCX Media - Sergei Gaponik
c/o Online-Impressum.de #6171
Europaring 90
53757 Sankt Augustin
Germany
E-Mail: info@gaponik.com
The responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
Your Rights
You have the right at any time to receive free information about the origin, recipients, and purpose of your stored personal data (Art. 15 GDPR).
You also have the right to request the correction (Art. 16 GDPR), deletion (Art. 17 GDPR), or restriction of the processing (Art. 18 GDPR) of this data, the right to data portability (Art. 20 GDPR), and the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
Where processing is based on your consent, you may withdraw it at any time with effect for the future (Art. 7 (3) GDPR). Where processing is based on our legitimate interest (Art. 6 (1) lit. f GDPR), you may object at any time (Art. 21 GDPR), e.g. by email to info@gaponik.com.
Data Protection
We take the protection of your personal data very seriously. Processing is carried out in accordance with the statutory data protection regulations and this privacy policy.
We would like to point out that data transmission over the Internet and within cloud-based platforms may have security vulnerabilities. Complete protection of data against access by third parties is not possible.
Part A: Website (gaponik.com)
A.1 Website Hosting
Our website is hosted as a static site by Cloudflare (Cloudflare Pages):
Cloudflare, Inc.
101 Townsend Street
San Francisco, CA 94107
United States of America
When you access the website, Cloudflare processes technically necessary data such as IP address, date and time of access, pages accessed, browser type, and operating system (server log files). This processing is based on our legitimate interest in a secure, stable, and efficient provision of the website (Art. 6 (1) lit. f GDPR). Cloudflare is certified under the EU-US Data Privacy Framework; standard contractual clauses are also in place. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with Cloudflare.
The fonts used on the website are loaded locally from our own servers; no data is transferred to third parties in the process.
A.2 Cookies
Our website does not use cookies or comparable storage technologies on your device. A consent banner is therefore not required.
A.3 Web Analytics with PostHog
We use the analytics service PostHog on our website:
PostHog, Inc.
2261 Market Street #4008
San Francisco, CA 94114
United States of America
PostHog is operated on this website without cookies and without local storage on your device. There is no recognition across multiple sessions and no identification of individual persons. Anonymized usage data is collected, such as pages visited, interactions, technical device information, and the origin of the visit (e.g. UTM parameters).
The analytics data is processed exclusively on servers in the European Union (EU cloud, Frankfurt). A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with PostHog.
Processing is based on Art. 6 (1) lit. f GDPR (legitimate interest in analyzing and improving our web offering).
A.4 Contact
If you contact us by email, the data you provide (e.g. name, email address, content of the message) will be stored in order to process your request. This data will not be passed on without your consent.
Processing is based on Art. 6 (1) lit. b GDPR (initiation of a contract) or Art. 6 (1) lit. f GDPR (legitimate interest in responding to inquiries).
A.5 External Links
This website may contain links to external websites (e.g. LinkedIn, GitHub). We accept no responsibility for their content and data protection practices.
Part B: Shopify App Idealo EasyConnect
B.1 Data Collection Within the App
How do we collect your data?
On the one hand, your data is collected when you provide it to us while using the app, e.g. through inputs, configurations, or support requests.
Other data is collected automatically through the technical use of the app within the Shopify platform. This is in particular technical data (e.g. shop domain, API accesses, timestamps of app actions).
What do we use your data for?
Processing is carried out exclusively to:
- provide the functionality of the app (in particular the transmission of product data to idealo, see B.4),
- store configurations and settings,
- process support requests,
- analyze the usage of the app and improve the app (see B.3),
- and ensure the security and stability of the app.
Your data is not used for advertising or marketing purposes unless this is expressly stated and approved.
B.2 Hosting and Technical Infrastructure of the App
The app is technically operated on external servers. The personal data processed in the course of using the app is stored on the servers of the hosting provider. This may include in particular the following data:
- Shopify shop information (e.g. shop domain, shop ID)
- technical metadata and log information
- configuration and settings data of the app (e.g. feed configurations and product data mappings)
- support communication
Hosting is carried out:
- for the performance of the contract (Art. 6 (1) lit. b GDPR),
- and based on our legitimate interest in a secure, stable, and efficient provision of the app (Art. 6 (1) lit. f GDPR).
Hosting provider used:
Railway Technologies, Inc.
2261 Market Street #4485
San Francisco, CA 94114
United States of America
A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider.
The app is additionally delivered via the content delivery network of Cloudflare (see A.1); technically necessary connection data is processed in the process.
B.3 Usage Analytics in the App (PostHog)
Within the app, we use the analytics service PostHog (for the provider, see A.3) to understand how the app is used and to improve it. This involves collecting the views accessed, interactions with the app, and technical device information. The usage data is associated with the respective shop (shop domain). Cookies and comparable storage technologies may be used in the browser.
The analytics data is processed exclusively on servers in the European Union. A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with PostHog.
Processing is based on Art. 6 (1) lit. f GDPR (legitimate interest in analyzing, improving, and further developing the app). You may object to this processing at any time (Art. 21 GDPR), e.g. by email to info@gaponik.com.
B.4 Data Transmission to idealo
The core function of the app is the transmission of product data from your Shopify shop to the price comparison platform idealo:
idealo internet GmbH
Ritterstraße 11
10969 Berlin
Germany
Only product and offer data is transmitted, e.g. product titles, descriptions, prices, images, article numbers (GTIN/EAN, SKU), availability, and shipping information. Personal data is not included.
idealo is independently responsible for the further processing of this data; the idealo privacy policy applies.
B.5 Billing via Shopify
Billing for paid plans is handled entirely through Shopify’s billing system. We do not receive any payment data (e.g. credit card or bank account details), only information about the status of your subscription. Shopify’s privacy policy applies to payment processing.
B.6 Storage Duration
Personal data is only stored for as long as is necessary for the respective purpose.
After uninstalling the app, all associated data is deleted unless statutory retention obligations exist.
B.7 Communication and Support
If you contact support by email or via Shopify, your details, including all personal data resulting from them, will be stored and processed exclusively for the purpose of handling your request.
Legal basis:
- Art. 6 (1) lit. b GDPR (contractual or pre-contractual measures)
- Art. 6 (1) lit. f GDPR (legitimate interest in efficient support)
B.8 Data Processing Within the Shopify Platform
The app is operated exclusively within the technical infrastructure of Shopify. Shopify’s data protection provisions apply in addition.
The app only accesses the data that is strictly necessary for its respective function and that is transparently presented during the app installation process.
Last updated: July 2026