# Privacy Policy Last Updated: 02.11.2025 ### **Introduction** * This Privacy Policy explains how Appsetup Eng. (“we”, “us”, “our”) collects, uses, protects, and shares data for COD Blacklist by Appsetup (the “App”). * By installing or using the App, you (“Merchant”, “User”, “you”) consent to the practices described here. If you do not agree, do not install or use the App. ### **Data Collected** * **Customer Identifiers:** Phone numbers, email addresses, and related identifiers you add or import for blacklist decisions. Stored in your Shopify store’s metafields. * **Merchant/Store Data:** Shop ID/domain, feature states (toggles, rule configurations), usage status, plan gating, and operational settings needed to run the App. * **Technical/Operational Signals:** Non-personal diagnostics, request timing, and basic error logs used to maintain reliability. Not used to identify individual customers. * **Optional Integration Data:** If optional integrations are enabled in the future, any keys or configuration values you provide will be stored in your Shopify metafields and used solely for the features you activate. ### **Storage & Protection** * **Merchant-Hosted Storage:** Customer identifiers and App settings remain within your Shopify environment (e.g., metafields). We do not maintain a separate external database of your customers. * **Security Measures:** We apply industry-standard safeguards. No method of transmission or storage is 100% secure. You control Shopify user access, API permissions, and retention. * **Retention:** Data remains until you remove it (e.g., delete blacklist entries or uninstall the App). We do not independently retain your customer data outside Shopify. ### **Use Of Data** * **Core Functionality:** Apply your blacklist, rules, thresholds, and target payment method name to support your internal decisions about payment-method visibility at checkout. * **Administration:** Power imports, search, pagination, status indicators (Active/Inactive), and settings within the App. * **Analytics/Improvement:** Use aggregate, non-personal insights (e.g., feature usage patterns) to improve reliability and support. We do not sell your customer lists. ### **Sharing** * **Shopify:** The App operates through Shopify APIs; your use is governed by Shopify’s terms and policies. * **Legal:** We may disclose information if required by law or valid legal process. We limit such disclosures to what is necessary. * **No Sale:** We do not sell or rent your customer data. ### **Your Rights** * **Control:** You manage blacklist entries, rules, integrations, and deletions within your Shopify admin. * **Access/Correction/Deletion:** You may add, edit, or delete entries in Shopify at any time. If you contact us, we can guide you to the metafields the App uses. * **GDPR/International:** You are the controller for your customers’ data and must maintain a lawful basis, honor data-subject rights (access, correction, deletion, portability, restriction, objection), and comply with applicable law. ### **Third-Party Services** * **Linked Services:** The App may reference or interact with third-party services (e.g., Shopify). Their privacy practices are not covered by this Policy. Review their policies before sharing personal information. ### **Risk Disclaimers** * **No Fraud Guarantee:** The App is not a fraud-prevention guarantee and cannot ensure detection or prevention of fraudulent or fake orders. It may help reduce exposure, but you remain responsible for order review and operational decisions. * **Configuration Responsibility:** You are responsible for the accuracy of payment-method names, thresholds, rules, and blacklist entries, and for testing behavior in checkout before going live. ### **Policy Updates** * We may update this Policy at any time. Significant changes will be posted in the App or on our website. Continued use after updates constitutes acceptance of the revised Policy. ### **Contact** * For privacy questions or requests, contact ****. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://appsetup-eng.gitbook.io/cod-blacklist/privacy-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.