Data Processing Addendum
How Nugglets processes customer data on behalf of business accounts using the Nugglets ecommerce command center.
Last updated: June 14, 2026 · Applies to nugglets.com and the Nugglets ecommerce platform.
1. Overview
This Data Processing Addendum ("DPA") forms part of the Nugglets Terms of Service and Privacy Policy for business customers that use Nugglets to process personal data in their ecommerce operations. It explains how Nugglets processes customer-controlled data when providing the Nugglets ecommerce command center.
If there is a conflict between this DPA and another Nugglets policy about our processing of customer-controlled personal data, this DPA controls for that processing.
2. Roles
For personal data that a customer uploads, connects, imports, or enters into Nugglets for its own ecommerce operations:
- Customer acts as the controller or business, depending on applicable law.
- Nugglets acts as the processor or service provider for that customer-controlled data.
For account, billing, support, security, marketing, and website analytics data that Nugglets determines how to use, Nugglets may act as an independent controller as described in our Privacy Policy.
3. Processing details
Nugglets processes personal data to provide ecommerce management tools, including order tracking, profit analytics, supplier management, product records, connected-store sync, support workflows, and reporting.
Categories of data
- Store, order, product, supplier, inventory, fulfillment, and customer records.
- Names, emails, shipping details, billing references, and transaction metadata where included in connected store or order data.
- Account user information, roles, settings, support messages, and activity logs.
- Technical data such as IP address, device details, browser details, and logs used for security and diagnostics.
Categories of data subjects
- Customer's account users and team members.
- Customer's ecommerce buyers, prospects, suppliers, contractors, and support contacts.
- Visitors who interact with Nugglets-powered support or tracking features.
Duration
Nugglets processes customer-controlled data for the duration of the customer's use of the service and as otherwise needed to comply with law, resolve disputes, maintain security, or enforce agreements.
4. Customer instructions
Nugglets will process customer-controlled personal data only on documented customer instructions, including instructions given through the product, connected integrations, support requests, account settings, and the agreements that govern use of Nugglets.
If Nugglets believes an instruction violates applicable data protection law, we may notify the customer and pause the affected processing where legally appropriate.
5. Security measures
Nugglets uses reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, disclosure, alteration, or destruction. Measures include:
- HTTPS/TLS for data in transit.
- Hashed passwords and restricted administrative access.
- Role-based access controls for staff and product areas where available.
- Logging and monitoring for support, security, and operational troubleshooting.
- Backups, recovery practices, and data retention controls appropriate to the service.
- Limiting employee and contractor access to personnel who need it to provide, maintain, secure, or support the service.
6. Subprocessors
Nugglets may use third-party service providers ("subprocessors") to host, operate, secure, support, or improve the service. These may include providers for hosting, infrastructure, payment processing, email delivery, analytics, live chat, and connected ecommerce integrations.
Nugglets will require subprocessors that process customer-controlled personal data to protect that data under obligations that are materially consistent with this DPA. Customers may contact us for current subprocessor information.
7. Data subject requests
If Nugglets receives a request from a data subject about customer-controlled data, we may direct the requester to the customer unless law requires otherwise. Customers are responsible for responding to requests to access, correct, delete, export, restrict, or object to processing of their own customer-controlled data.
Where reasonably possible, Nugglets will help customers respond to valid data subject requests through product tools or support assistance.
8. Security incidents
If Nugglets becomes aware of a confirmed security incident involving customer-controlled personal data, we will notify affected customers without undue delay after confirming the incident, consistent with applicable law and legitimate security needs.
Notice may include known details about the nature of the incident, affected data, mitigation steps, and recommended customer actions, where available.
9. Return and deletion
Customers may export or delete data using available product tools or by contacting Nugglets support. After account termination or a verified deletion request, Nugglets will delete or return customer-controlled personal data within a reasonable period unless retention is required by law, security, backup integrity, accounting, dispute resolution, or legitimate business needs.
Public users may also submit a deletion request through our data deletion page.
10. International transfers
Nugglets may process data in countries where we or our subprocessors operate. When applicable law requires transfer safeguards, Nugglets will use appropriate measures such as contractual commitments, subprocessors with suitable safeguards, or other lawful transfer mechanisms.
11. Audit information
Upon reasonable written request, Nugglets may provide information about our security and data-processing practices to help customers verify compliance with this DPA. Requests must be reasonable in scope and frequency and must not compromise the security, confidentiality, or availability of Nugglets systems or other customers' data.
12. Contact
Questions about this DPA or Nugglets data processing practices? Contact us at:
- Email: nuggletssupport@nugglets.com
- Website: nugglets.com
This DPA is provided for operational transparency and does not replace advice from your own legal counsel about your specific compliance obligations.