Privacy Policy

Last updated: July 10, 2026

SmartCOD ("we", "our", "us") provides a Cash-on-Delivery order form and conversion-optimization app for Shopify merchants. This policy explains what data we collect, how we use it, and how we keep it safe.

1. Data we collect

2. How we use data

3. Sharing

We do not sell personal data. We share data only with sub-processors strictly necessary to operate the service (hosting, database, transactional SMS/email), and with Shopify itself to create orders in your store.

4. Retention

Merchant data is retained while the app is installed. When you uninstall SmartCOD, access tokens are revoked immediately and shop data is deleted or anonymized within 30 days, except where required for legal compliance.

5. GDPR / CCPA rights

Shopify sends us mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact) that we honor automatically. Shoppers may also contact the merchant, who can request access, correction, or deletion of their data via privacy@smartcod.app.

6. Security

Data is encrypted in transit (TLS) and at rest. Access tokens are scoped to the minimum required Shopify permissions. All webhook requests are HMAC-verified before processing.

7. Contact

Questions? Email privacy@smartcod.app.