Legal

Privacy Policy

CODfee — Set CODfee · Effective June 26, 2026

1. Introduction

This Privacy Policy describes how CODfee — Set CODfee ("CODfee", "we", "us", or "our") collects, uses, and protects information when merchants install and use our Shopify application. CODfee helps merchants link Cash on Delivery (COD) shipping rates to COD payment at checkout and configure rules that limit when COD is available.

2. Who this applies to

This policy applies to merchants who install CODfee on their Shopify store. CODfee is used by store staff in the Shopify Admin. End customers (buyers) interact with checkout rules powered by Shopify; CODfee does not provide a separate buyer-facing website.

3. Information we collect

When you install and use CODfee, we may process:

  • Store information: your Shopify store domain and app installation details.
  • Authentication data: OAuth access tokens and session data required to operate the app on your store.
  • Staff user data from Shopify: when staff open the app, Shopify may provide limited account details (such as name, email, user ID, and locale) as part of the authenticated session.
  • App configuration: your COD fee settings, payment customization identifiers, subscription plan, and limit rules you configure (for example order total thresholds, product selections, country lists, shipping method names, or customer tag names).
  • Technical logs: error and operational logs needed to secure and maintain the service.

4. Information we do not store

CODfee is designed for shop-level configuration. We do not intentionally store end-customer personal information such as buyer names, emails, phone numbers, or order histories in our database. Checkout evaluation runs through Shopify's payment customization function; buyer cart data is processed by Shopify at checkout and is not sent to our servers for storage.

5. How we use information

We use the information above to:

  • Provide, operate, and maintain the app;
  • Authenticate your store and sync your COD settings;
  • Apply your limit rules at checkout via Shopify;
  • Manage subscriptions and plan access;
  • Respond to support requests and fix errors;
  • Comply with legal obligations and Shopify platform requirements.

6. Legal bases (EEA/UK)

Where applicable, we process personal data on the basis of performance of a contract (providing the app you requested), legitimate interests (security, troubleshooting, and service improvement), and compliance with legal obligations.

7. Data sharing

We share data only as needed to run the app:

  • Shopify: the app integrates with Shopify Admin, checkout, billing, and APIs.
  • Cloudflare: our application and database are hosted on Cloudflare Workers and Cloudflare D1.
  • Legal requirements: if required by law or to protect rights and safety.

We do not sell merchant or customer personal information.

8. Data retention

We retain store configuration and session data while the app is installed. When you uninstall the app, we delete associated shop data from our systems. Shopify may also send a shop/redact compliance webhook after uninstall; we process that request to remove remaining shop data within the timeframe required by Shopify.

9. Your rights and Shopify compliance webhooks

Depending on your location, you may have rights to access, correct, delete, or restrict processing of personal data. CODfee implements Shopify mandatory compliance webhooks (customers/data_request, customers/redact, and shop/redact). Because we do not store buyer personal data, customer data requests and customer redact requests are typically acknowledged with no additional export. Shop redact triggers deletion of your store's data in CODfee.

Merchants are responsible for their own privacy obligations to their customers and for configuring Shopify's privacy settings appropriately.

10. Security

We use industry-standard measures including encrypted connections (HTTPS), access controls, and secure token storage. No method of transmission or storage is 100% secure; we work to protect data using reasonable safeguards.

11. International transfers

Data may be processed in countries where our service providers operate. Where required, appropriate safeguards are used for cross-border transfers.

12. Children

CODfee is a business application for merchants and is not directed at children under 16.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will revise the effective date at the top of this page when changes are posted. Continued use of the app after changes means you accept the updated policy.

14. Contact

For privacy questions or requests, contact us at the support email listed on our Shopify App Store listing.