Privacy Policy

Last Updated: 02.11.2025

This Privacy Policy explains how Appsetup Eng. (“we”, “us”, “our”) collects, uses, protects, and shares data for COD Blacklist by Appsetup (the “App”).
By installing or using the App, you (“Merchant”, “User”, “you”) consent to the practices described here. If you do not agree, do not install or use the App.

Customer Identifiers: Phone numbers, email addresses, and related identifiers you add or import for blacklist decisions. Stored in your Shopify store’s metafields.
Merchant/Store Data: Shop ID/domain, feature states (toggles, rule configurations), usage status, plan gating, and operational settings needed to run the App.
Technical/Operational Signals: Non-personal diagnostics, request timing, and basic error logs used to maintain reliability. Not used to identify individual customers.
Optional Integration Data: If optional integrations are enabled in the future, any keys or configuration values you provide will be stored in your Shopify metafields and used solely for the features you activate.

Merchant-Hosted Storage: Customer identifiers and App settings remain within your Shopify environment (e.g., metafields). We do not maintain a separate external database of your customers.
Security Measures: We apply industry-standard safeguards. No method of transmission or storage is 100% secure. You control Shopify user access, API permissions, and retention.
Retention: Data remains until you remove it (e.g., delete blacklist entries or uninstall the App). We do not independently retain your customer data outside Shopify.

Core Functionality: Apply your blacklist, rules, thresholds, and target payment method name to support your internal decisions about payment-method visibility at checkout.
Administration: Power imports, search, pagination, status indicators (Active/Inactive), and settings within the App.
Analytics/Improvement: Use aggregate, non-personal insights (e.g., feature usage patterns) to improve reliability and support. We do not sell your customer lists.

Shopify: The App operates through Shopify APIs; your use is governed by Shopify’s terms and policies.
Legal: We may disclose information if required by law or valid legal process. We limit such disclosures to what is necessary.
No Sale: We do not sell or rent your customer data.

Control: You manage blacklist entries, rules, integrations, and deletions within your Shopify admin.
Access/Correction/Deletion: You may add, edit, or delete entries in Shopify at any time. If you contact us, we can guide you to the metafields the App uses.
GDPR/International: You are the controller for your customers’ data and must maintain a lawful basis, honor data-subject rights (access, correction, deletion, portability, restriction, objection), and comply with applicable law.

Linked Services: The App may reference or interact with third-party services (e.g., Shopify). Their privacy practices are not covered by this Policy. Review their policies before sharing personal information.

No Fraud Guarantee: The App is not a fraud-prevention guarantee and cannot ensure detection or prevention of fraudulent or fake orders. It may help reduce exposure, but you remain responsible for order review and operational decisions.
Configuration Responsibility: You are responsible for the accuracy of payment-method names, thresholds, rules, and blacklist entries, and for testing behavior in checkout before going live.

We may update this Policy at any time. Significant changes will be posted in the App or on our website. Continued use after updates constitutes acceptance of the revised Policy.

Last updated 9 days ago