Privacy Policy
What data ShipOps collects when you install it on your Shopify store, why we collect it, who we share it with, and how it gets deleted.
Who we are
ShipOps ("ShipOps", "we", "us") is a Shopify app operated by Smart Agent (SMC-Private) Limited, contactable at support@shipops.app. ShipOps helps merchants manage cash-on-delivery (COD) logistics: tracking parcels with courier partners (e.g. PostEx), messaging customers about deliveries over WhatsApp, and reconciling courier payout receipts.
What data we access and store
From your Shopify store (via the Shopify Admin API)
- Order data: order numbers, line items, totals, payment and fulfillment status, tags, and timestamps.
- Customer contact data needed to complete a COD delivery: customer name, phone number, and shipping address. We do not collect customer email.
- We store a curated, PII-minimized copy of order data for sync — city only, with no street address on the Shopify-sourced record.
From your courier partner (e.g. PostEx), using your own courier API token
- Parcel tracking data: tracking number, delivery status and history, attempt counts, destination city, and COD amount.
- Customer name, phone, and delivery address as recorded by the courier, used to identify and act on the parcel.
Your configuration
- Your courier API token, stored encrypted at rest (AES-256-GCM).
- Your WhatsApp sender number, notification templates, and app settings.
Why we use it
Solely to provide the app's COD delivery-operations features: showing the parcel action inbox, letting your staff contact customers about pending or failed deliveries (WhatsApp click-to-chat and phone), writing delivery status back to Shopify, and reconciling courier payout receipts. We do not sell personal data, and we do not use it for advertising or profiling.
Who we share it with
- Your courier partner (e.g. PostEx): we call the courier's API using your token to fetch tracking and submit delivery instructions. Tracking numbers and delivery-advice notes are sent; we do not send customer PII to the courier (the courier already holds it as the delivering carrier).
- WhatsApp / Meta: messaging is operator-initiated — a staff member clicks a link that opens WhatsApp with the customer's number and a pre-filled message, sent from your own WhatsApp account.
- Infrastructure providers: our hosting and database provider in [region].
- We do not otherwise share personal data with third parties.
Where it's stored & security
Data is stored in a database hosted by Vultr (Bangalore, India). Data in transit is encrypted with TLS. Courier API tokens are encrypted at rest. Access is limited to authorized operators.
Retention & deletion
- On a customer deletion request (Shopify
customers/redact): we erase that customer's name, phone, and address — and the raw courier payload containing them — from our records. - On uninstall: background syncing stops immediately, and Shopify sends a
shop/redactrequest about 48 hours later, at which point we permanently delete all data we hold for that store. - On a data-access request (
customers/data_request): we compile the data we hold about that customer and make it available to the store owner within 30 days. - You can also request deletion at any time by contacting support@shipops.app.
Your rights
Depending on jurisdiction, customers may have rights to access, correct, or delete their personal data. Such requests should be made to the merchant (the data controller); ShipOps acts as the merchant's processor and will assist in fulfilling them.
Changes & contact
We may update this policy; the "last updated" date reflects the latest revision. Questions or requests: support@shipops.app.