Privacy Policy
Last updated: July 10, 2026
SmartCOD ("we", "our", "us") provides a Cash-on-Delivery order form and conversion-optimization app for Shopify merchants. This policy explains what data we collect, how we use it, and how we keep it safe.
1. Data we collect
- Merchant account data: shop domain, installed scopes, plan, and a Shopify-issued access token so we can talk to your store on your behalf.
- Order & customer data: when a shopper submits a SmartCOD form, we process the fields you have enabled (name, phone, address, cart items, notes) to create the corresponding Shopify order.
- App usage: anonymized events (form views, submits, errors) used to improve conversion analytics.
2. How we use data
- Provide, secure, and improve the SmartCOD service.
- Create orders, send OTP verifications, and prevent fraud.
- Show merchants analytics about their own store's traffic.
- Comply with legal obligations and Shopify's requirements.
3. Sharing
We do not sell personal data. We share data only with sub-processors strictly necessary to operate the service (hosting, database, transactional SMS/email), and with Shopify itself to create orders in your store.
4. Retention
Merchant data is retained while the app is installed. When you uninstall SmartCOD, access tokens are revoked immediately and shop data is deleted or anonymized within 30 days, except where required for legal compliance.
5. GDPR / CCPA rights
Shopify sends us mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact) that we honor automatically. Shoppers may also contact the merchant, who can request access, correction, or deletion of their data via privacy@smartcod.app.
6. Security
Data is encrypted in transit (TLS) and at rest. Access tokens are scoped to the minimum required Shopify permissions. All webhook requests are HMAC-verified before processing.
7. Contact
Questions? Email privacy@smartcod.app.