CODGuard (“CODGuard”, “we”, “us”, or “our”) provides a Shopify application that helps merchants verify cash-on-delivery (“COD”) orders, score return-to-origin (“RTO”) risk, and apply COD rules at checkout. We take the privacy of merchants and their customers seriously. This Privacy Policy describes how we handle personal data when you install CODGuard on your Shopify store and when your customers interact with features we power.
By installing or using CODGuard, you agree to the practices described in this policy. If you do not agree, please do not install or use the app.
1. Information we collect
Merchant information
When you install CODGuard, we receive information about your store from Shopify, including your store name and domain, the contact email and name associated with the store, your plan and locale, and app configuration you create within CODGuard. Billing is handled by Shopify; we do not collect or store your card details.
Customer information
To verify orders and assess risk, CODGuard processes personal data relating to your customers, which may include:
- Name and order or checkout identifiers
- Phone number (used to send the one-time password / OTP)
- Shipping and billing address, including pincode
- Order details such as line items, amounts, and chosen payment method (COD or prepaid)
- Verification status, risk score, and signals derived from order history and delivery patterns
Information collected automatically
We collect technical and usage data such as log records, device and browser information, IP address, and events generated as the app operates. This helps us secure, debug, and improve the service.
2. How we use information
We use the information above to:
- Send one-time passwords and verify COD orders before they are confirmed
- Calculate RTO risk scores and validate delivery addresses
- Apply the COD rules, prepaid nudges, and customizations you configure
- Send order, dispatch, and verification notifications over SMS and WhatsApp where you enable them
- Provide dashboards, analytics, and reporting
- Provide support, prevent fraud and abuse, and keep the app secure
- Comply with legal obligations and enforce our terms
We do not sell personal data, and we do not use customer data for advertising.
3. SMS & messaging providers
To deliver one-time passwords and notifications, we share the recipient's phone number and the message content with our messaging providers, currently MSG91 and Twilio. These providers process the data only to deliver messages on our behalf under their own terms and privacy policies. Standard carrier message rates may apply to recipients.
4. How we share information
We share personal data only as needed to operate CODGuard, and only with:
- Shopify — the platform on which the app runs and from which order and customer data originates
- Service sub-processors — messaging providers (MSG91, Twilio), cloud hosting and database infrastructure, and error/analytics tooling that help us run the service
- Legal and safety — where required by law, legal process, or to protect the rights, property, or safety of CODGuard, our merchants, or the public
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy
5. Data retention & deletion
We retain personal data only for as long as needed to provide the service and for legitimate business or legal purposes. When you uninstall CODGuard, we stop processing your store's data and delete or anonymize it in line with Shopify's requirements.
We honor Shopify's mandatory privacy webhooks. On a customers/data_request we provide the data we hold about a customer; on a customers/redactwe erase that customer's personal data; and on a shop/redact (sent after uninstall) we erase your store's data, typically within 30 days.
6. Security
We use industry-standard safeguards — including encryption in transit, access controls, and least-privilege practices — to protect personal data. No method of transmission or storage is completely secure, but we work continuously to protect your information and will notify affected parties of a qualifying breach as required by law.
7. International data transfers
CODGuard may process data in countries other than where you or your customers are located. Where required, we put appropriate safeguards in place for such transfers.
8. Your rights
Depending on your location, you and your customers may have rights under laws such as India's Digital Personal Data Protection Act (DPDP), the EU/UK GDPR, and the CCPA — including the right to access, correct, delete, or restrict the use of personal data, and to withdraw consent.
Customers should direct requests to the merchant whose store they purchased from, as the merchant is the controller of that data. Merchants can exercise rights, or pass through customer requests, by contacting us at support@codguard.app. We will respond within the timeframes required by applicable law.
9. Children's privacy
CODGuard is not directed to children and we do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of CODGuard after changes take effect constitutes acceptance of the revised policy.
11. Contact us
If you have questions, concerns, or grievances about this policy or our data practices, contact us at support@codguard.app. We will address verified grievances within the timeframes required by applicable law.