Privacy Policy

1. Introduction

COD Shield ("we", "us", "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over your data.

By using COD Shield, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

We collect the following categories of data:

• Account data: your name, email address, and business name when you register.
• Order data: customer names, phone numbers, delivery addresses, order amounts, and item details — received from your connected eCommerce store.
• Fraud signals: phone and address risk history used to generate fraud scores.
• Usage data: login times, dashboard actions, API key usage, and feature interactions.
• Technical data: IP addresses (for rate limiting and abuse prevention), browser type.

3. How We Use Your Data

• To score incoming COD orders for fraud risk in real-time.
• To train and improve our machine learning models using delivery outcomes.
• To maintain your blacklist and watchlist entries across your store.
• To generate analytics reports and fraud intelligence dashboards.
• To send service-related notifications (downtime, important updates).
• To enforce our Terms of Service and prevent abuse.

4. Data Storage & Security

• All data is stored on Railway.app managed infrastructure.
• Shopify access tokens are encrypted using AES-256-GCM before storage.
• Passwords are hashed using bcrypt — never stored in plaintext.
• All data in transit is protected using TLS 1.2+ (HTTPS enforced).
• Redis cache entries for order data have a maximum TTL of 30 seconds.

5. Data Sharing

We do not sell, rent, or trade your data. We share data only with infrastructure providers necessary to operate the service:

• Railway.app — backend API, database, and Redis hosting.
• Vercel — frontend hosting. No order data is processed here.

We may disclose data if required by Pakistani law or to protect the safety of our users.

6. Data Retention

• Active accounts: all data is retained for the duration of your subscription.
• After account deletion: all identifiable data is permanently deleted within 30 days.
• Anonymized ML training records may be retained for model research purposes.

7. Your Rights

• Access: request a copy of all data we hold about your account.
• Correction: update your data via the dashboard or by contacting us.
• Deletion: request full account deletion; processed within 30 days.
• Export: download your order data and analytics from the dashboard.

To exercise any right, contact us on WhatsApp at +92 318 4184634.

8. Governing Law

This Privacy Policy is governed by the laws of Pakistan. Any disputes shall be subject to the jurisdiction of Pakistani courts.