Last updated May 29, 2026
CODProof Terms of Service And Data Processing Terms
These terms describe how merchants may use CODProof and how the app processes customer personal data on behalf of merchants.
Service
CODProof provides Shopify merchants with COD order screening, email and phone risk checks, OTP verification, merchant blocklists, delivery quote controls, COD order creation tools, and transactional setup/service notices.
Merchant Responsibilities
- Use the app only for legitimate store management, COD fraud prevention, order verification, and COD order processing.
- Provide any notices and obtain any consents required by laws that apply to the merchant's store.
- Review app settings, risk decisions, and blocklists to make sure they match the merchant's policies.
- Do not upload customer data to blocklists unless the merchant has a lawful reason to use that data for COD fraud prevention.
Data Processing
The merchant is the controller of customer personal data. CODProof processes customer personal data as a service provider or processor for the merchant, only to provide app functionality selected by the merchant.
Processed data is limited to the minimum needed for the app features: customer name, email, phone, shipping and billing address details, submitted COD order details, OTP verification state, merchant blocklist entries, risk-check metadata, Shopify order identifiers, and merchant shop metadata needed for app operation, transactional service notices, and privacy webhook handling.
Use Restrictions
- We do not sell customer personal data.
- We do not use customer personal data for advertising, retargeting, or unrelated marketing.
- We use protected customer data only for COD fraud prevention, order verification, blocklist management, delivery quote logic, and Shopify order creation.
Deletion And Redaction
Merchants can remove blocked contacts in the app. Shopify privacy redaction webhooks remove matching blocked email and phone entries from app storage. Shop redaction removes the installed shop record.
Security
- The app verifies Shopify OAuth and webhook signatures.
- The app uses signed admin sessions and CSRF checks for app admin actions.
- The app logs personal-data access without raw customer values.
- The app minimizes webhook fields for fraudulent-cancellation auto-blocking.
- The app encrypts app-owned Shopify storage at rest when the production DATA_ENCRYPTION_KEY secret is configured.