The service. Stravax Engage is a WhatsApp engagement platform operated by Stravax Group LLC, a limited liability company licensed by Sharjah Media City Free Zone Authority (Shams), Sharjah, United Arab Emirates (Licence No. 2537844.01), registered at Sharjah Media City (Shams), Al Messaned, Al Bataeh, Sharjah, UAE. The Shopify app sends WhatsApp abandoned-cart and order-recovery messages to your customers, on your instruction, and reports whether they led to a completed order.
Your account. You are responsible for the accuracy of your account details, for keeping your login credentials secure, and for the actions of the users you invite.
Your responsibilities as the merchant. You are the controller of your customers' data. You are responsible for having a lawful basis and the consent required to message your customers on WhatsApp, and for complying with WhatsApp's and Meta's messaging policies. The app respects the marketing-consent flag on each Shopify checkout, but obtaining valid consent remains yours.
Fees. Cart recovery is billed through Shopify's managed pricing at the plan price shown in the app. WhatsApp message costs are metered and drawn from your prepaid wallet balance.
Acceptable use. You will not use the service to send unlawful, deceptive, or unsolicited messages, or to message customers who have not consented.
Availability and liability. The service is provided on a commercially reasonable-efforts basis. Nothing here excludes liability that cannot be excluded under UAE law.
Termination. You may uninstall the app at any time. On uninstall we stop all recovery messaging, delete the stored access token, and delete the customer data we hold for your store as described in Part B, section 7.
For the customer personal data processed through the Shopify integration:
Installing the app and enabling cart recovery is your instruction to process this data for the purpose in section 3.
We process the data solely to:
We do not use the data for our own purposes, do not sell it, and do not share it except with the sub-processors in section 5. We do not combine your customers' data with any other merchant's.
We apply the following technical and organisational measures:
You authorise the following sub-processors:
| Sub-processor | Role | Receives customer name + phone? |
|---|---|---|
| Cloudflare | Hosting, database, object storage, queues, security | Yes (storage and processing infrastructure) |
| Meta / WhatsApp (WhatsApp Business Platform) | Message delivery (name as a template parameter, phone as the recipient) | Yes (delivery) |
| Stripe | Merchant billing and wallet top-up | No |
| Google Ads / Meta Ads | Conversion-event receipt (only if you enable Ad Sync) | No |
| Anthropic | Optional AI conversation qualifier (WhatsApp message text only, if you enable it) | No |
The Anthropic AI qualifier is a separate opt-in feature. It processes WhatsApp conversation message content for merchants who turn it on; it does not receive the Shopify-sourced customer name or phone number. If you do not enable it, no data reaches Anthropic.
We will give you notice of any new sub-processor that would process the customer name or phone before it takes effect.
If we become aware of a personal data breach affecting your customers' data, we will notify you without undue delay, and no later than 72 hours after becoming aware, with the information you reasonably need to meet your own notification obligations: the nature of the breach, the data and approximate number of records affected, the likely consequences, and the measures we have taken or propose to take. Our incident-handling process is described in the Incident Response Policy.
shop/redact request (typically 48 hours after uninstall), on receipt of which we delete all
abandoned-checkout records we hold for your store.customers/redact request we delete that customer's
abandoned-checkout records for your store, matched by phone number.customers/data_request we log the request and fulfil it
manually, since the only data we hold for a customer is their abandoned-checkout contact data.We will provide reasonable information to help you demonstrate compliance and to respond to data subject requests, taking into account the nature of the processing and the information available to us.
This DPA supplements and is governed by the Terms of Service in Part A. In case of conflict on data-protection matters, this DPA prevails.
Acceptance: By clicking to connect your store, or by enabling cart recovery, you accept these Terms of Service and this Data Processing Addendum on behalf of your business.
Stravax Group LLC, Sharjah, UAE · Data protection contact: privacy@stravax.ai