Data Processing Addendum
This Data Processing Addendum (DPA) forms part of the Executly Terms of Service and applies when a merchant acts as controller and MilTwo acts as processor for personal data processed through Executly.
Last updated February 25, 2026
Purpose and Incorporation
This DPA is incorporated into the Terms of Service between the merchant and MilTwo. In the event of conflict, this DPA controls for data protection obligations.
Roles and Instructions
Merchant is the controller (or equivalent under applicable law) and MilTwo is the processor. MilTwo will process personal data only on documented instructions from the merchant unless otherwise required by law.
Details of Processing
| Item | Description |
|---|---|
| Subject matter | Processing needed to provide checkout and customer account customization features in Shopify |
| Duration | For the term of the service agreement and limited post-termination retention defined in the Privacy Policy |
| Nature and purpose | Hosting, feature execution, support, security, and reliability operations for merchant-configured workflows |
| Categories of data subjects | Merchant users and store personnel; end customers where merchant-configured features process customer-related data |
| Types of personal data | Identifiers, contact data, store/account metadata, configured workflow data, and support communications |
Confidentiality
MilTwo will ensure persons authorized to process personal data are bound by confidentiality obligations.
Security Measures
MilTwo maintains appropriate technical and organizational measures proportionate to risk, including access controls, security monitoring, and infrastructure protections.
Subprocessors
Merchant authorizes MilTwo to engage subprocessors for service delivery, subject to written agreements with data protection obligations no less protective than this DPA.
Current subprocessors are listed at /subprocessors. MilTwo remains responsible for subprocessors' performance of relevant data protection obligations.
Assistance with Data Subject Rights and Compliance
Taking into account the nature of processing, MilTwo will provide reasonable assistance to the merchant for responding to data subject requests and for meeting applicable obligations related to security, impact assessments, and regulator consultations.
Personal Data Breach Notification
MilTwo will notify the merchant without undue delay after becoming aware of a confirmed personal data breach affecting data processed under this DPA and will provide available information needed for incident response.
International Transfers and SCCs
Where personal data is transferred outside the EEA, UK, or Switzerland, MilTwo will apply appropriate transfer safeguards, including SCCs and UK transfer addendum terms where required.
Audit and Information Rights
MilTwo will make available information reasonably necessary to demonstrate compliance with this DPA and may satisfy audit requests through documentation, security summaries, and scoped remote reviews, provided requests are reasonable and not more than once per year unless required by law.
Return and Deletion
Upon termination, MilTwo will delete or anonymize personal data processed under this DPA according to the retention schedule in the Privacy Policy, unless legal obligations require longer retention.
Liability, Governing Law, and Venue
Liability under this DPA is subject to the liability framework in the Terms of Service. This DPA is governed by the laws of Denmark, and disputes are subject to the competent courts of Denmark.
Execution and Contact
To request execution records or DPA clarifications, contact support@executly.io.