Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Spreadr is a US-based dropshipping and product import platform for e-commerce stores, particularly Shopify. It enables store owners to import products from Amazon and other marketplaces and forward orders to suppliers for fulfilment. Customer order data including names, shipping addresses, and purchase details are transmitted to US infrastructure. SCCs and a DPA with Spreadr are required.
Spreadr is a dropshipping app for e-commerce platforms, primarily Shopify, that enables store owners to import products from Amazon and fulfil orders through Amazon FBA or third-party suppliers. When a customer places an order, Spreadr forwards the order data to the relevant supplier for fulfilment.
Customer name, address, and order data are shared with Spreadr (US) and then with Amazon or third-party suppliers for fulfilment. This is a controller-to-processor transfer for Spreadr and potentially a controller-to-controller transfer for the end supplier. SCCs are required. Customers must be informed of data sharing with fulfilment partners.
Disclose in your privacy policy that order data is shared with Spreadr and fulfilment partners for order processing. Sign DPA with Spreadr. Implement SCCs. Limit data shared with suppliers to what is strictly necessary for delivery. Provide customer contact for data subject rights requests.
Websites using Spreadr must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA may be required for large-scale dropshipping operations involving significant volumes of EU customer data transmitted to multiple US suppliers.
Sample consent text
This store uses Spreadr for order fulfilment. Your order data (name, address) is shared with our fulfilment partners in the US under Standard Contractual Clauses to deliver your purchase. See our privacy policy.
Third-party domains contacted
app.spreadr.appapi.spreadr.appcdn.shopify.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _spreadr_session | functionality | Session | Maintains the authenticated session for the Spreadr product import and order management dashboard. |
| _spreadr_store | functionality | 30 days | Identifies the connected Shopify store for product synchronisation and order forwarding. |
| _spreadr_track | analytics | 6 months | Tracks product import activity and order conversion metrics for merchant reporting. |
| _spreadr_csrf | security | Session | Provides CSRF protection for order forwarding and product management actions. |
Spreadr uses cookies for user preferences — inform visitors with a consent banner.
Spreadr is a Shopify app for importing and syndicating Amazon products. It sets session cookies to manage the integration between your Shopify store and Amazon product listings. Additional cookies may be used for affiliate tracking and product synchronization states.
Consent requirements depend on how Spreadr is configured. If the app sets cookies on visitors' browsers for affiliate tracking or analytics purposes, prior consent is required under the ePrivacy Directive. Cookies strictly necessary for the store's checkout functionality may be exempt from consent.
For essential ecommerce functionality, legitimate interest under Article 6(1)(f) GDPR can apply. For affiliate tracking cookies and any non essential data collection, consent under Article 6(1)(a) is required. Review which Spreadr features set optional versus necessary cookies.
Yes, Spreadr connects your store to Amazon's infrastructure, which involves data transfers to the United States. Ensure that your data processing agreement with Spreadr includes Standard Contractual Clauses and that your privacy policy discloses these transfers to visitors.
A DPIA is generally not mandatory for standard Spreadr usage. However, if you combine Spreadr with extensive user profiling, behavioral tracking across multiple stores, or large scale affiliate monitoring, conducting a DPIA would be prudent under Article 35 GDPR.
Configure your Shopify consent management to block Spreadr's non essential cookies until consent is granted. Ensure your privacy policy mentions Amazon product syndication and affiliate tracking. Review Spreadr's data processing practices and include them in your Records of Processing Activities.
Consider product import solutions that do not set third party cookies or rely on affiliate tracking. Manual product listings eliminate external data flows entirely. Some Shopify apps offer server side product syndication without client side tracking scripts.
Document all cookies Spreadr sets, including affiliate tracking identifiers, session cookies, and any Amazon related cookies. Specify their purposes, durations, and whether they are first party or third party. Include Spreadr in the list of third party services in your cookie declaration.