Last updated May 29, 2026

CODProof Privacy Policy

CODProof helps Shopify merchants screen cash-on-delivery orders for fake or risky contact details, verify selected orders by one-time passcode, manage merchant blocklists, quote COD delivery options, and create COD orders in Shopify.

Personal Data We Process

We process only the customer data needed to provide the app to merchants: customer name, email address, phone number, shipping and billing address details, order and cart details required for COD fraud screening, delivery quote inputs, OTP verification, blocklist matching, and Shopify order creation.

When the merchant enables fraudulent-cancellation auto-blocking, Shopify cancelled-order webhooks are limited to the fields needed for this feature: order identifiers, cancellation reason, customer email, customer phone, and tags.

We also process merchant shop metadata needed to operate the app, including store name, shop domain, owner email, and public contact email for install setup, admin access, service notices, and app lifecycle emails.

How We Use Personal Data

• Screen COD orders for disposable, invalid, suspicious, or merchant-blocked emails and phone numbers.
• Send and verify OTP codes when the merchant enables OTP checks for high-risk or high-value COD orders.
• Create merchant-requested COD orders in Shopify with the customer name, contact, address, and order details submitted in the COD form.
• Store merchant-managed blocked emails and phone numbers so repeat risky COD orders can be stopped.
• Auto-add email and phone values to the merchant blocklist when a Shopify order cancellation is marked as fraud and the merchant enables that feature.
• Send transactional merchant lifecycle emails, such as install setup guidance and uninstall confirmation.
• Respond to Shopify privacy webhooks for customer data requests, customer redaction, and shop redaction.

What We Do Not Do

• We do not sell customer personal data.
• We do not use customer personal data for advertising, retargeting, or unrelated marketing.
• We do not use email or phone data to personalize product recommendations.
• We do not use merchant lifecycle emails for unrelated marketing.
• We do not request address fields for fraudulent-cancellation auto-blocking.

Storage And Retention

Merchant settings, merchant shop metadata, lifecycle email status, and merchant-managed blocklists are stored for the installed shop until the merchant changes them, removes individual blocked contacts, uninstalls the app, or Shopify sends an applicable privacy redaction request.

OTP codes are stored only as hashes in short-lived server memory and expire after 10 minutes. Delivery quotes and product catalog data are cached only briefly to operate the storefront form.

Security

Admin actions are protected by Shopify session tokens, signed app sessions, and CSRF checks. Shopify webhooks are verified with Shopify HMAC signatures before processing. Public storefront responses are sanitized so private blocklist details are not exposed to buyers. Personal-data access events are logged without raw customer email, phone, name, or address values.

Use the hosted app only over HTTPS in production. App-owned Shopify storage is encrypted at rest when the production DATA_ENCRYPTION_KEY secret is configured. Access to production data should be limited to authorized operational staff and service providers needed to run the app.

Customer Requests

The app implements Shopify privacy webhooks for customer data requests, customer redaction, and shop redaction. Customer redaction removes matching blocked email and phone entries from the merchant's app storage.