Privacy Policy

Your data, on your terms.

● Last updated: 2 May 2026 v1.0 · Effective immediately

Plain English. No dark patterns. Here's exactly what we collect, why, where it lives, and how to delete it — including everything we read from Shopify, PostEx, and the Meta Marketing API.

TL;DR · the short version
  • We collect order data from Shopify, delivery data from PostEx, and daily ad spend from Meta — only what's needed to compute your real net profit.
  • Data lives in Supabase Postgres with row-level security per merchant. Encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • We never sell, rent, or share your data with marketing third parties or data brokers. Ever.
  • You can disconnect Meta, uninstall the app, or email us to delete everything — full wipe within 24 hours of uninstall.

Who we are

CODProfit is a profit analytics dashboard built for Pakistani Shopify merchants who ship cash-on-delivery via PostEx. This privacy policy applies to the website at codprofit.co, the embedded Shopify app, and all related services we operate (collectively, "CODProfit", "we", "us", or "our").

We're a small team based in Karachi, Pakistan. If you have any questions about this policy or our practices, write to privacy@codprofit.co — a real human will reply within five business days.

What we collect

We collect data from four sources, and only data we need to do our job: compute your real net profit. Nothing more.

Source
What we receive
Permission
Shopify
Orders, line items, refunds, customer first name & city, fulfillment status. Read-only via OAuth.
read_orders
PostEx
Tracking number, delivery status (codes 0001–0013), transaction fee, reversal fee, COD amount, tax. Read-only via merchant API token you paste in Settings.
merchant token
Meta Ads
Ad account list (id, name, currency, status) and daily ad spend per account. Nothing else — see the dedicated section below.
ads_read
You, directly
Your email address, store name, COGS per product, monthly expenses, support correspondence.
in-app

We do not collect: customer phone numbers, customer email addresses (beyond what Shopify shares for order display), payment card data, customer addresses beyond city, or any data unrelated to profit calculation.

Meta Ads data & the ads_read permission

This section explains exactly what we do — and don't do — with the Meta Marketing API. We list it separately because Meta requires this transparency, and because we believe you deserve it.

What Meta data we read

When you connect your Meta account to CODProfit, you grant the ads_read permission via Facebook Login. We use that permission to call exactly two Meta Marketing API endpoints, on Graph API version v21.0 or later:

  • GET /me/adaccounts — once, when you connect, so you can pick which of your ad accounts to link. We receive the account's id, name, currency, and account_status.
  • GET /act_{id}/insights — on a schedule, with a single field requested: spend. We pull today's preliminary spend every two hours, and finalize yesterday's authoritative spend at 02:00 PKT.

What we do not read

We never request and never have permission to read: campaign creative, ad copy, audiences, custom audiences, lookalikes, pixel events, conversion data, message content, page content, or any user-level information. The ads_read permission is the most narrowly scoped read permission Meta offers for ad performance data, and we use it for exactly that.

What we do not do

We do not have the ads_management permission and we never request it. CODProfit cannot create, edit, pause, duplicate, or delete any campaign, ad set, or ad. We are read-only by design. You can verify this in your Facebook Settings → Business Integrations at any time.

Where Meta data is stored

Daily spend numbers are written to a single ad_spend table in our Supabase Postgres database, one row per merchant per date. Your Meta access token is stored server-side only, in a separate row keyed to your store, and is never exposed to any browser or client-side code. Tokens are long-lived (~60 days) and refreshed when you re-authorize.

Want to revoke access today? You can revoke CODProfit's access from inside Facebook at any time: Facebook Settings → Business Integrations → CODProfit → Remove. You can also click Disconnect Meta in CODProfit Settings, which deletes our copy of the token and all stored ad spend data for your store.

Why we collect it

Every piece of data we collect maps directly to a feature you see in the dashboard. We don't hoard data "just in case".

  • Shopify orders & line items → sales, units, drill-down tables.
  • PostEx delivery status & fees → the difference between revenue Shopify shows you and what actually arrives in your bank account.
  • Meta daily spend → ROAS, POAS (profit on ad spend), and CAC (cost per acquisition).
  • Your COGS & expenses → net profit per period.
  • Your email & store name → account identification, support correspondence, and (where you contact us) replies from our team.

We do not use any platform data for advertising, model training, or analytics about you. Aggregated, fully anonymous metrics (e.g. "the median Pakistani merchant has a 32% return rate") may be used in product marketing — never traceable to any individual store.

Storage & security

All merchant data is stored in Supabase, a managed Postgres service. Specifically:

  • In transit: TLS 1.2+ for every connection between your browser, our app, and our database.
  • At rest: AES-256 encryption on Supabase storage volumes.
  • Row-level security (RLS): every query is filtered by merchant store ID at the database level. There is no path by which one merchant's data can be exposed to another.
  • PostEx and Meta tokens: stored server-side in Postgres, protected by row-level security and at-rest disk encryption. Tokens are read only by our backend at API call time, never sent to any browser, and never exposed in logs.
  • Access controls: only the Supabase service role key (held by our backend) can read token columns. Administrative access is restricted to the founding team.

If we ever suffer a security incident affecting your data, we will notify you within 72 hours of confirming the incident, in compliance with applicable data breach laws.

Sharing & sub-processors

We do not sell, rent, trade, or otherwise share your data with marketing companies, data brokers, or anyone for the purpose of advertising. Period.

We do use a small number of sub-processors — vendors who process data only on our behalf, under contracts that bind them to confidentiality and data protection standards at least as strict as ours:

  • Supabase — managed Postgres database hosting.
  • Railway — application server hosting.
  • Shopify — app distribution, OAuth session storage, and (post-beta) billing.

If we add a new sub-processor (for example, an error-tracking or transactional-email vendor), we'll update this list and notify merchants in-app before the change takes effect.

We may disclose your data only when compelled by valid legal process (court order, lawful subpoena) and only to the minimum extent required. We will notify you of any such request unless legally prohibited from doing so.

How long we keep it

Your data is retained for as long as CODProfit is installed on your Shopify store. This is necessary so historical dashboards (last month, year-on-year comparisons) continue to work.

  • When you uninstall CODProfit from Shopify, we receive an APP_UNINSTALLED webhook and delete your store record — including all orders, ad spend, COGS, expenses, tokens, and computed metrics — within 24 hours.
  • When you click Disconnect Meta in Settings, we delete your Meta access token, ad account ID, and all stored ad spend data for your store within 60 seconds.
  • When you email privacy@codprofit.co requesting deletion, we will fully delete all data within 30 days and email you confirmation.

Server logs (request URL, timestamp, response code) are retained for 30 days for security and debugging, then automatically purged. Logs do not contain platform data, tokens, or customer PII.

Your rights

Regardless of where you live, you have the following rights:

  • Access — request a copy of all data we hold about your store.
  • Correction — ask us to correct inaccurate data.
  • Export — download your data in JSON or CSV format.
  • Deletion — have all data permanently deleted (see next section).
  • Withdraw consent — revoke Meta access from Facebook Settings, or disconnect any integration in our app, at any time and without explanation.
  • Object — object to any specific use of your data.
  • Complain — lodge a complaint with your local data protection authority.

Email privacy@codprofit.co to exercise any of these rights. We will respond within 5 business days and complete the request within 30 days.

Deleting your data

We've built three self-serve ways to delete your data — you should never have to ask permission.

  1. Disconnect Meta only: CODProfit Settings → Disconnect Meta. Removes the Meta token and all ad spend data for your store. Your other CODProfit data stays.
  2. Uninstall the entire app: Shopify Admin → Apps → CODProfit → Uninstall. Triggers a full wipe within 24 hours.
  3. Email request: privacy@codprofit.co. We'll delete everything within 30 days and confirm by email.

Step-by-step instructions are on our Data Deletion Instructions page.

Children's data

CODProfit is a business tool intended for adults operating Shopify stores. The service is not directed at, or intended for use by, anyone under the age of 18. We do not knowingly collect personal data from anyone under 13, in any jurisdiction. If you believe we have inadvertently collected data from a child, email privacy@codprofit.co and we will delete it immediately.

International data transfers

CODProfit is operated from Pakistan. Our infrastructure providers (Supabase, Railway) host data in the United States and European Union. By using CODProfit, you consent to your data being transferred to and processed in these regions. For users in jurisdictions with data localization laws (EU, UK, etc.), we rely on Standard Contractual Clauses with our sub-processors as the lawful basis for transfer.

Changes to this policy

If we make material changes — for example, adding a new sub-processor, changing the data we collect, or changing how we use it — we will:

  • Update the "Last updated" date at the top of this page.
  • Show an in-app banner for at least 14 days before the change takes effect.
  • Where we have your email address on file, notify you by email at least 30 days before the change takes effect.

Your continued use of CODProfit after the effective date of an updated policy constitutes acceptance. If you don't agree, uninstall the app — we'll delete your data within 24 hours, no questions asked.

Contact us

The fastest way to reach us is email. A real person reads every message.

Privacy & data requests
privacy@codprofit.co
General support
support@codprofit.co
Mailing address
CODProfit
Karachi, Sindh, Pakistan
Response time
Within 5 business days