Frequently Asked Questions
Find answers to common questions about B2B Onboard, data handling, and support.
What data does the app collect?
B2B Onboard collects the following data when a prospective B2B customer submits a registration form on your storefront:
- Business contact information: company name, contact name, email address, and phone number
- Custom form fields: any additional fields you configure in the form builder (e.g., VAT number, company size, industry)
- Uploaded documents: files submitted through file upload fields (e.g., trade licenses, tax certificates)
- Technical metadata: IP address and user agent string, collected automatically at submission time
- reCAPTCHA token: a verification token from Google reCAPTCHA if spam protection is enabled
- Pseudonymized analytics data: collected server-side via Google Analytics 4 for service improvement. No directly identifying personal data is transmitted
The app does not collect payment information, passwords, or any data beyond what is submitted through the registration form.
Where is data stored?
All data is stored within the European Union, specifically in the AWS eu-central-1 region (Frankfurt, Germany).
- Application records and form configurations are stored in Amazon DynamoDB with encryption at rest
- Uploaded documents are stored in Amazon S3 with server-side encryption (AES-256) and are only accessible via time-limited signed URLs
- All data in transit is encrypted using TLS 1.2 or higher
No data is stored on our own servers. We use AWS managed services with enterprise-grade security and compliance certifications.
What happens when I uninstall the app?
When you uninstall B2B Onboard from your Shopify store:
- Shopify notifies our system via a webhook that the app has been uninstalled
- Your data is retained for 12 months to allow for re-installation recovery (see our Data Processing Agreement, Section 9 for full details). This includes:
- All registration forms and their configurations
- All application records and their history/timeline
- All uploaded documents
- All email template customizations
- All branding and settings
- After the 12-month grace period, all data is permanently deleted
- Audit logs (containing application metadata, IP addresses, timestamps, and status changes) are retained for 7 years as required by the Danish Bookkeeping Act (bogføringsloven), regardless of uninstallation. These logs contain limited personal data and are retained solely for regulatory compliance
- You can request immediate deletion at any time by contacting us at privacy@mentilead.com
- Shopify customer accounts that were created through the approval process are not affected by uninstallation — they remain in your Shopify store
Tip: If you reinstall within 12 months, all your forms, applications, and settings will be right where you left them. We still recommend exporting your data before uninstalling, just in case.
How do I export my data?
B2B Onboard provides a built-in data export function accessible from the Settings page within the app:
- Navigate to Settings in the app sidebar
- Scroll to the Data Export section
- Click Export Applications to download a CSV file containing all your application data
The export includes all application records with their submitted data, status, timestamps, and associated form information. For applications with VAT/Tax ID verification, the export also includes the VAT verification evidence — status, verified name and address, verification source, and the VIES consultation number — so you can defend reverse-charge claims directly from your own export. Uploaded documents can be downloaded individually from each application's detail page.
Does the app use cookies?
B2B Onboard itself does not set any first-party cookies on your customers' browsers. The public registration forms operate without our own cookies or client-side tracking.
Exception — Google reCAPTCHA: if you enable CAPTCHA protection on a registration form, Google reCAPTCHA v3 may set third-party cookies (such as _GRECAPTCHA) to distinguish humans from bots. This is entirely optional — you can disable CAPTCHA in your form settings at any time. For details, see Google's Privacy Policy.
Google Analytics 4 is used server-side via the Measurement Protocol and does not set any cookies on your customers' browsers.
Any other cookies present on pages where the registration form appears are set by the Shopify storefront, your theme, or other apps you have installed — not by B2B Onboard.
Within the Shopify admin (where you manage applications), Shopify handles session management through its own authentication system. The app does not set additional cookies in the admin either.
How do I handle GDPR requests from my customers?
As the data controller, you are responsible for responding to GDPR requests from applicants who submitted data through your registration forms. Here is how to handle common requests:
Right of Access (Article 15)
Open the applicant's record in the app and use the information displayed to provide them with a copy of their data. You can also use the data export feature to generate a CSV.
Right to Rectification (Article 16)
Edit the applicant's record directly in the application detail view to correct any inaccurate information.
Right to Erasure (Article 17)
Contact us at privacy@mentilead.com to request deletion of an applicant's data. Additionally, when Shopify processes a customer data erasure request, the associated application data and uploaded documents are removed automatically via GDPR webhooks.
Note: Audit logs containing the applicant's application metadata are retained for 7 years under the Danish Bookkeeping Act and are exempt from erasure requests under Article 17(3)(b).
Right to Restriction of Processing (Article 18)
If an applicant disputes the accuracy of their data or objects to processing, you can suspend processing by changing the application status while the matter is resolved. Contact us if you need the data restricted at the infrastructure level.
Right to Data Portability (Article 20)
Export the applicant's data using the CSV export and provide it to them in a machine-readable format.
Right to Object (Article 21)
If an applicant objects to processing of their data, assess whether you have compelling legitimate grounds to continue. If not, request erasure of their data as described under the Right to Erasure above.
Response timeframe: Under GDPR, you must respond to data subject requests within one month of receipt. This can be extended by two further months for complex requests, but you must inform the data subject within the first month.
If you need assistance processing a GDPR request that cannot be handled through the app's interface, contact us at privacy@mentilead.com and we will assist you. See our Privacy Policy for full details on how we process personal data.
Related: GDPR compliance for Shopify B2B apps
Is the app compatible with my Shopify plan?
B2B Onboard works with all Shopify plans that support App Proxy, which includes Basic Shopify, Shopify, Advanced Shopify, and Shopify Plus. The app does not require any specific Shopify plan features beyond the standard app integration capabilities.
Related: Will a B2B app break my theme?
Does the app modify my theme?
No. B2B Onboard uses Shopify's App Proxy feature to serve registration forms on your storefront. This means:
- No code is injected into your theme
- No Liquid files are modified
- No ScriptTag or theme app extensions are used
- The registration form inherits your theme's header, footer, and base styling automatically
You can uninstall the app at any time with zero cleanup required on your theme.
Related: Will a B2B app break my theme?
Does the app work with Shopify Flow?
Yes. B2B Onboard integrates with Shopify Flow for workflow automation.
Triggers (all plans): Registration Submitted, Registration Approved, Registration Rejected, Information Requested.
Actions (Growth and Pro plans): Approve Registration, Reject Registration, Tag B2B Customer.
Example use cases: auto-approve applications from known domains, send Slack notifications, auto-tag customers.
Flow is optional and works alongside the manual review process. For a full walkthrough, see the Shopify Flow Guide.
What data is shared with Shopify Flow?
Trigger payloads include application metadata only: application ID, company name, contact name, form ID, timestamps, and (for approvals) Shopify customer/company IDs.
No sensitive personal data (email, phone, address, uploaded documents) is included in trigger payloads.
Data is processed by Shopify under their existing privacy terms.
How do I customize the look of my registration form?
Open a form in the Form Builder and switch to the Style tab. On every plan you can set colors, typography, shape, and layout, and match your Shopify theme. Pro plans unlock advanced fine-tuning, custom header/footer content, and a live preview panel. You can also import colors from your store's theme or choose from 7 pre-built presets. Logo upload is in Settings → Branding.
Can I customize the confirmation page?
Yes. Each form has its own confirmation page settings in the form editor's Confirmation page section. You can customize:
- Confirmation heading — the main heading shown after submission
- Success message — the message below the heading
- "What happens next" steps — up to 3 numbered steps, each with a title and optional subtitle
New forms come with sensible defaults. If you remove all steps, the "What happens next" section is hidden from customers entirely. See the Form Builder Guide for details.
Can applications be approved automatically?
Yes, Growth and Pro plans include auto-approval rules. You can auto-approve when VAT is verified or when the applicant's email matches an allowed domain. Auto-approval is configured per-form in the Form Builder's Settings tab — see the Form Builder Guide.
Does B2B Onboard support multiple languages?
Yes. Every plan — including Free — includes one default form language, chosen during onboarding — or changed any time from the form editor’s Languages card — and translated instantly by the built-in language pack (41 languages, no API calls needed). Growth and Pro plans unlock unlimited additional languages. Customers see the form in their browser’s language when it’s enabled, otherwise in your default language. You can also translate manually, or link directly to a specific language by adding ?locale=xx to the registration URL. See the Form Builder Guide for details.
Which countries' VAT/Tax IDs are supported?
EU member states are supported. VAT numbers are verified in real time via the VIES database during form submission.
Related: GDPR compliance for Shopify B2B apps
How does certificate review work?
When an applicant uploads a resale or tax-exemption certificate, B2B Onboard reads the document with AI-assisted OCR and flags anything that doesn't match the application — company name, tax ID, issuing state, or expiry date. It's decision-support: the app flags possible discrepancies to help you evaluate each certificate, and you make the final decision on every application. A flag means "take a closer look," not "deny."
Collecting and reviewing certificates is available on every plan. AI-assisted review is available on the Growth and Pro plans, and automated renewals and expiry reminders are a Pro feature. See the Certificates Guide for the full walkthrough.
Can customers renew their certificates themselves?
On the Pro plan, yes. Existing customers get a secure personal link (no login needed) to upload an updated certificate, and B2B Onboard can email a renewal reminder before a certificate expires — reducing the chance an exemption lapses unnoticed.
Renewed certificates go through the same AI-assisted review as a first-time upload, and once you approve a renewal the customer's tax-exempt status is refreshed. It remains decision-support: you approve every renewal and stay in control. See the Certificates Guide for details.
And if a certificate does lapse without a renewal, B2B Onboard automatically removes the exemption that certificate was backing — only for the states it covered — so the customer is charged tax again until a current certificate is on file. This safeguard runs on every plan; see how tax exemption is applied and revoked.
Does the app work with Shopify Plus B2B?
Yes. Approving an application automatically creates a B2B Company with a contact, location, and optional catalog assignment. This works on Shopify Plus and on all other paid Shopify plans with B2B enabled — Plus is not required.
Related: Will a B2B app break my theme?
Can I approve or reject multiple applications at once?
Yes. Select applications using checkboxes on the Applications page and use the bulk Approve or Reject buttons. Each application is processed individually with its own email notification and timeline entry.
Can I create my own custom form templates?
There is no option to build and save your own form template from scratch, but you can reuse an existing form as a starting point. On the Forms page, use the Duplicate action on any form to create a full copy — including all its fields, settings, and styling — then rename and adjust the copy for your new use case.
The form builder also includes built-in B2B templates (Company Name, First Name, Last Name, Email Address, Phone Number, Tax / VAT ID, and more) that add pre-configured fields with a single click. You can fully customize each field after adding it to the canvas.
Still have questions?
We are happy to help. Reach out to our support team and we will get back to you as quickly as possible.
General support: support@mentilead.com
Privacy and data questions: privacy@mentilead.com
Mentilead Commerce is a trade name of Aggregatit, CVR 35963022, Strindbergsvej 82, 1, 2500 Valby, Denmark.
You can also review our full legal documentation: