ShipOps
Back to ShipOps
Legal · Trust

Data Protection & Security

It's your money and your customers' data. Here's exactly how ShipOps handles both, and how requests to access or erase data are fulfilled.

Last updated: 4 July 2026 · Companion to the Privacy Policy.
On this page
Principles Protected customer data Security measures Data-request webhooks Sub-processors Making a request Contact
ShipOps implements Shopify's mandatory compliance webhooks and Protected Customer Data requirements. Confirm your hosting region and DPA details before publishing this page.

Our data-protection principles

  • Collect the minimum. We store only what's needed to run COD delivery operations, and we keep a PII-minimized copy of Shopify order data (city only, no street address on that record).
  • Read-only where possible. Courier tracking data is accessed read-only using your own token; we write back to Shopify only what you explicitly enable.
  • No selling, no profiling. We never sell personal data and never use it for advertising or profiling.
  • Delete on request. Erasure requests are honored promptly and completely, including the raw courier payloads that contain personal data.

Protected Customer Data

To run a COD delivery, ShipOps processes the customer's name, phone number, and shipping address. These are classed as Protected Customer Data under Shopify's requirements. We access them only to identify and act on parcels — showing the action inbox, enabling operator-initiated WhatsApp and calls, and matching payout receipts to orders. We do not collect customer email addresses, and we do not transmit customer PII to the courier (the courier already holds it as the delivering carrier).

Security measures

  • Encryption in transit: all traffic is served over TLS.
  • Encryption at rest: courier API tokens are encrypted with AES-256-GCM.
  • Embedded in Shopify: the app runs inside the Shopify admin using Shopify's session and authentication.
  • Access control: access to production data is limited to authorized operators.
  • Tenant isolation: each store's data is scoped to that store; uninstalling immediately stops background syncing.

Mandatory data-request webhooks

ShipOps implements the three Shopify compliance webhooks:

  • customers/data_request — we compile the data we hold about a customer and make it available to the store owner within 30 days.
  • customers/redact — we erase that customer's name, phone, and address, plus the raw courier payload containing them.
  • shop/redact — sent by Shopify about 48 hours after uninstall; on receipt we permanently delete all data we hold for that store.

Sub-processors

  • Shopify — the platform ShipOps is embedded in and the source of order data.
  • Your courier partner (e.g. PostEx) — tracking data and delivery instructions, called with your token.
  • Hosting / database provider in [region] — where data is stored.
  • WhatsApp / Meta — only when your staff initiate a click-to-chat message from your own account.

Making a data request

Customers should direct access or deletion requests to the merchant (the data controller). Merchants can trigger deletion automatically by removing a customer in Shopify (which fires customers/redact), or email us at support@shipops.app to request assistance at any time.

Contact

Security or data-protection questions: support@shipops.app. For full detail on what we collect and why, see the Privacy Policy.

ShipOps

The post-dispatch control room for cash-on-delivery Shopify stores. Track parcels, rescue deliveries, and recover the money your courier owes you.

Product
Rescue deliveries Recover money Roadmap Pricing
Resources
How it works FAQ Book a demo WhatsApp us
Company & legal
Privacy policy Terms of service Data protection Support
© 2026 ShipOps — a Smart Agent product. Not affiliated with Shopify or PostEx. Built for COD sellers in Pakistan 🇵🇰