Data Processing Agreement
Last updated: February 2026
1. Definitions
- Controller: The merchant using COD Shield (you). You determine the purpose and means of processing your customers' personal data.
- Processor: COD Shield (operated by Hamza Hassan). We process data on your behalf, under your instructions.
- Personal Data: Customer names, phone numbers, delivery addresses, and order information transmitted to COD Shield through your eCommerce integration.
- Processing: Any operation performed on personal data — collection, storage, scoring, analysis, or deletion.
2. Purpose of Processing
Personal data is processed solely for the following purposes:
- Real-time fraud risk scoring of COD orders.
- Blacklist and watchlist matching (phone, email, address).
- Building fraud signal history for phone numbers and delivery addresses.
- Training and improving the ML fraud detection model using your delivery outcomes.
- Generating fraud analytics and RTO intelligence reports for your dashboard.
No personal data is used for advertising, sold to third parties, or processed for any purpose outside fraud detection and related analytics.
3. Categories of Data Processed
| Data Type | Purpose | Retention |
|---|---|---|
| Customer name | Order identity | Account lifetime |
| Phone number | Fraud history & scoring | Account lifetime |
| Delivery address | Address risk scoring | Account lifetime |
| Order amount | ML feature | Account lifetime |
| Item description | Order pattern analysis | Account lifetime |
| IP address (API) | Rate limiting only | 30 days |
4. Sub-Processors
We use the following sub-processors to deliver the Service:
| Sub-processor | Purpose | Order Data? |
|---|---|---|
| Railway.app | Backend API + PostgreSQL + Redis hosting | Yes |
| Vercel | Frontend hosting (dashboard UI) | No |
5. Security Measures
We implement the following technical and organizational measures to protect personal data:
- AES-256-GCM encryption for stored API credentials and access tokens.
- TLS 1.2+ for all data in transit.
- HMAC-SHA256 webhook signature verification to prevent forged data injection.
- Complete tenant isolation — all data scoped by tenant_id at database level.
- Rate limiting on all API endpoints to prevent abuse.
See our Security Policy for full technical details.
6. Data Retention & Deletion
- Order and customer data is retained for the lifetime of your active account.
- Upon account deletion, all identifiable personal data is permanently deleted within 30 days.
- Anonymized ML training records (delivery outcome labels only, no PII) may be retained for model quality research.
- Redis cache entries automatically expire — maximum TTL of 30 seconds for scoring data.
7. Your Obligations as Controller
As the data controller, you are responsible for:
- Informing your customers that their order data is subject to automated fraud screening.
- Ensuring you have a lawful basis to share customer data with COD Shield (e.g., legitimate interest in fraud prevention).
- Maintaining accurate account and contact information.
- Promptly notifying us of any data subject requests (access, correction, deletion) related to your customers.
- Not submitting data for individuals outside the scope of your eCommerce operations.
8. Data Subject Rights
If one of your customers requests access to, correction of, or deletion of their personal data held by COD Shield, contact us directly. We will respond within 14 business days.
9. Governing Law
This Data Processing Agreement is governed by the laws of Pakistan and forms part of the COD Shield Terms of Service.
Questions? Contact us: