Datenschutzerklärung / Privacy Policy
HermitTaxDE — German Tax Compliance for Shopify
1. Verantwortlicher / Data Controller
HermitTaxDE
E-Mail: privacy@hermittaxde.com
Website: https://hermittaxde.com
2. Welche Daten wir verarbeiten / Data We Process
When you install HermitTaxDE on your Shopify store, we access and process the following data through the Shopify API:
- Order data: Order ID, line items, prices, tax amounts, currency, and customer billing information (name, address, email, VAT ID) — required for generating legally compliant invoices under German tax law (§ 14 UStG).
- Store configuration: Your shop domain, business name, address, VAT ID, and tax settings — required for invoice headers and DATEV exports.
- Billing data: Your Shopify subscription status — managed entirely by Shopify's Billing API. We do not collect payment card details.
3. Zweck der Verarbeitung / Purpose
We process data exclusively to provide our services:
- Generating GoBD-compliant invoices (§ 14 UStG, GoBD)
- Creating DATEV EXTF exports for tax advisors
- Producing ZUGFeRD 2.2 and XRechnung documents
- VAT ID validation via the EU VIES system
- Reverse charge determination for B2B cross-border transactions
4. Rechtsgrundlage / Legal Basis
Processing is based on Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(c) GDPR (legal obligation under German tax law — AO §147, UStG §14).
5. Speicherdauer / Retention
Invoice data is retained for 10 years as required by German tax law (AO §147, HGB §257). After this period, or upon a legitimate deletion request, data is permanently erased.
Upon app uninstallation, personal customer data (names, emails, addresses) is redacted within 48 hours while financial records are preserved per legal requirements.
6. Datenweitergabe / Data Sharing
We do not sell or share personal data with third parties. Data is processed on:
- Vercel (Frankfurt, EU) — application hosting
- Supabase (Frankfurt, EU) — PostgreSQL database
Both providers are GDPR-compliant and process data within the European Union.
7. Betroffenenrechte / Your Rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of data (Art. 17 GDPR) — subject to legal retention obligations
- Data portability (Art. 20 GDPR)
- Lodge a complaint with a supervisory authority (Art. 77 GDPR)
To exercise these rights, contact us at privacy@hermittaxde.com.
8. Shopify GDPR Webhooks
HermitTaxDE implements all mandatory Shopify GDPR webhooks:
- Customer data request: We return all stored data for the requesting customer.
- Customer data erasure: We redact personal identifiers while preserving financial records as required by German law.
- Shop data erasure: We delete all shop-specific configuration and redact personal data from remaining financial records.
9. Cookies & Tracking
HermitTaxDE does not use cookies for tracking or analytics. The only cookies used are Shopify's session cookies required for embedded app authentication.
10. Änderungen / Changes
We may update this policy to reflect changes in our practices or legal requirements. The current version is always available at this URL.
Last updated: February 2026