Privacy Policy
Last Updated: January 18, 2026
This Privacy Policy describes how Super COD ("we", "us", or "our") collects, uses, and shares information when you use our Shopify application.
1. Introduction
Super COD is a Shopify app that enables merchants to accept Cash on Delivery (COD) orders through customizable forms with pixel tracking integration. We are committed to protecting your privacy and complying with applicable data protection laws, including GDPR and CCPA.
2. Information We Collect
2.1 Merchant Information
When you install and use Super COD, we collect and store the following merchant information:
- Shop Information: Your Shopify store domain, store name, and store owner details
- OAuth Access Tokens: Secure tokens to access Shopify APIs on your behalf
- App Settings: Your customization preferences for COD forms (colors, fonts, button styles, modal settings)
- Pixel Tracking IDs: Facebook Pixel ID, Google Analytics Measurement ID, Snapchat Pixel ID (if you configure them)
- Notification Settings: Email addresses and WhatsApp numbers for order notifications (if enabled)
- Billing Information: Subscription plan selection and trial dates (billing is processed by Shopify)
- Analytics Data: Anonymous usage statistics (form opens, purchase events) without personally identifiable information
2.2 Customer Information (Transient Processing Only)
Important: Super COD does NOT permanently store customer personal information. We process the following customer data only to create orders in Shopify:
- Customer name
- Phone number (with country code)
- Email address (optional)
- Shipping address (street, city, state, postal code)
- Order details (product variant, quantity, price)
This data is immediately transmitted to Shopify's Order API and is NOT retained in our database. Customer data is subject to Shopify's Privacy Policy.
2.3 Technical Information
- Server logs (IP addresses, request timestamps, error logs)
- Browser information (for frontend error tracking)
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide App Functionality: Process COD orders, create draft/confirmed orders in Shopify
- Customization: Store and apply your form design preferences
- Pixel Tracking: Send conversion events to Facebook, Google, and Snapchat based on your configuration
- Analytics: Track anonymous usage metrics to improve app performance
- Billing: Manage your subscription via Shopify Billing API
- Support: Respond to your inquiries and troubleshoot issues
- Compliance: Comply with legal obligations and enforce our Terms of Service
4. Third-Party Services
Super COD integrates with the following third-party services:
4.1 Shopify
- Purpose: App platform, OAuth authentication, order creation, billing
- Data Shared: Shop information, OAuth tokens, customer order data
- Privacy Policy: https://www.shopify.com/legal/privacy
4.2 Facebook Pixel (Optional, Merchant-Configured)
4.3 Google Analytics / Google Ads (Optional, Merchant-Configured)
- Purpose: Track e-commerce conversion events
- Data Shared: Product details, transaction value, event type (when merchant enables this feature)
- Privacy Policy: https://policies.google.com/privacy
4.4 Snapchat Pixel (Optional, Merchant-Configured)
4.5 India Post API
- Purpose: Validate Indian postal codes and auto-fill city/state
- Data Shared: Postal codes only (no personal information)
- Website: https://www.indiapost.gov.in/
4.6 Fly.io (Hosting Provider)
- Purpose: Cloud hosting and database storage
- Data Shared: All app data (merchant settings, sessions)
- Location: Mumbai, India (region: bom)
- Privacy Policy: https://fly.io/legal/privacy-policy/
5. Data Storage and Security
- Database: SQLite database hosted on Fly.io's secure infrastructure
- Encryption: All data in transit is encrypted using HTTPS/TLS
- Access Control: Only authorized personnel can access production data
- Backups: Regular automated backups with encryption
- Data Location: Primary data center in Mumbai, India
6. Data Retention
- Merchant Data: Retained while your app is installed and for up to 30 days after uninstallation for backup purposes
- Customer Data: NOT stored by our app (only processed transiently and stored in Shopify)
- Analytics Data: Retained for up to 12 months for performance analysis
- Logs: Server logs retained for 90 days for debugging and security monitoring
7. Your Rights (GDPR & CCPA Compliance)
You have the following rights regarding your data:
7.1 Access
You can request a copy of your merchant data stored in Super COD.
7.2 Correction
You can update your settings directly in the Super COD admin panel.
7.3 Deletion
You can request deletion of your data by:
- Uninstalling the app (automatic deletion within 30 days)
- Sending a deletion request to our support email
- Triggering Shopify's GDPR data request webhooks
7.4 Data Portability
You can request an export of your merchant settings in JSON format.
7.5 Objection
You can object to certain data processing activities (e.g., analytics tracking).
GDPR Webhooks Implemented: Super COD fully complies with Shopify's GDPR requirements by implementing:
- customers/data_request: Provides customer data upon request
- customers/redact: Deletes customer data (none stored by our app)
- shop/redact: Deletes all merchant data when requested
8. Data Sharing and Disclosure
We do NOT sell, rent, or trade your data. We may share data only in the following circumstances:
- With Shopify: As required to provide app functionality
- With Third-Party Pixels: Only when you explicitly configure tracking integrations
- Legal Compliance: If required by law, court order, or government regulation
- Business Transfers: In case of merger, acquisition, or sale of assets (with notice to users)
- With Your Consent: For any other purposes with your explicit permission
9. Cookies and Tracking
Super COD uses minimal cookies:
- Shopify Session Cookies: For authentication (managed by Shopify)
- Third-Party Pixels: If you enable Facebook/Google/Snapchat tracking, those services may set cookies on your storefront
We do NOT use cookies for advertising or tracking beyond what you explicitly configure.
10. Children's Privacy
Super COD is intended for businesses and merchants. We do not knowingly collect information from children under 13 (or 16 in the EU). If we become aware of such collection, we will delete it immediately.
11. International Data Transfers
If you are located outside India, your data may be transferred to and processed in India where our servers are located. We ensure appropriate safeguards are in place for such transfers.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification to your registered email (for material changes)
- Displaying a banner in the Super COD admin panel
Your continued use of Super COD after changes constitutes acceptance of the updated policy.
13. Contact Us
14. Shopify App Store Compliance
This app complies with Shopify's App Store requirements including:
- ✓ GDPR webhook implementation (customers/data_request, customers/redact, shop/redact)
- ✓ Data minimization (no unnecessary customer data storage)
- ✓ Secure authentication via Shopify OAuth
- ✓ Transparent data practices disclosed in this policy
- ✓ User rights respected (access, deletion, portability)
© 2026 Super COD. All rights reserved.