- We collect order data from Shopify, delivery data from PostEx, and daily ad spend from Meta — only what's needed to compute your real net profit.
- Data lives in Supabase Postgres with row-level security per merchant. Encrypted in transit (TLS 1.2+) and at rest (AES-256).
- We never sell, rent, or share your data with marketing third parties or data brokers. Ever.
- You can disconnect Meta, uninstall the app, or email us to delete everything — full wipe within 24 hours of uninstall.
Who we are
CODProfit is a profit analytics dashboard built for Pakistani Shopify merchants who ship cash-on-delivery via PostEx. This privacy policy applies to the website at codprofit.co, the embedded Shopify app, and all related services we operate (collectively, "CODProfit", "we", "us", or "our").
CODProfit is operated by Superior Linen Limited, a company registered in England & Wales (Company No. 13594763). Our product team is based in Karachi, Pakistan. If you have any questions about this policy or our practices, write to privacy@codprofit.co — a real human will reply within five business days.
What we collect
We collect data from four sources, and only data we need to do our job: compute your real net profit. Nothing more.
We do not collect: payment card data, customer addresses beyond city, or any data unrelated to profit calculation. When Ad Tracking is enabled, customer email and phone are hashed (SHA-256) before transmission to Meta — never stored or transmitted in plaintext to any third party.
Meta Ads data & the permissions we request
This section explains exactly what we do — and don't do — with Meta's APIs. We list it in detail because Meta requires this transparency, and because you deserve it. CODProfit has two independent integrations with Meta: Ads spend reporting (always-on) and Ad Tracking (opt-in, off by default). They use different permissions and data flows.
1. Ads spend reporting — ads_read
When you connect Meta in CODProfit Settings or onboarding, you grant the ads_read permission via Facebook Login. We use it to call exactly two Meta Marketing API endpoints:
- GET /me/adaccounts — once, when you connect, so you can pick which ad account to link. We receive id, name, currency, and account_status.
- GET /act_{id}/insights — on a schedule, with a single field requested: spend. Today's preliminary spend every two hours; yesterday's authoritative spend at 02:00 PKT.
We never read campaign creative, ad copy, audiences, custom audiences, lookalikes, message content, page content, or any user-level data through this permission.
2. Ad Tracking — business_management
Ad Tracking is a separate, opt-in feature that helps you recover conversion signal lost to ad blockers and iOS 14+. To enable it, you connect a second time through a dedicated “Pixel Tracking” flow that uses Facebook Login for Business. This issues a Business Integration System User token scoped to a single Pixel/Dataset that you choose.
We use this permission only to write events to Meta's Conversions API on your behalf. Specifically:
- GET /{business}/owned_pixels — once, when you connect, so you can list and pick which Pixel to use.
- POST /{dataset}/events — whenever a customer adds to cart, initiates checkout, or completes a purchase, or when an order is refunded. We send a Conversions API event with the order data and hashed customer identifiers.
What this means in practice: CODProfit cannot create, edit, pause, duplicate, or delete any campaign, ad set, or ad — we do not request the ads_management permission and we never call those endpoints. The business_management permission is required so the Pixel/Dataset you select (which lives in your Business Manager, not ours) can be discovered and accessed by our token. The Conversions API POST /{dataset}/events call itself is enabled by your existing ads_read grant, per Meta's permission reference.
Customer data sent to Meta when Ad Tracking is enabled
For each Conversions API event we send, we include the following identifiers, taken from the corresponding Shopify order or storefront session:
- Hashed (SHA-256) before transmission: customer email, phone number, first name, last name, city, state, zip, country, and Shopify customer id.
- Sent unhashed per Meta's spec: customer IP address, browser user agent, Meta's own first-party cookies (_fbp, _fbc), and a deduplication event id.
We never transmit raw email or phone numbers in plaintext. Hashes are computed using Meta's required normalization rules and cannot be reversed to recover the original value.
Where Meta data is stored on our servers
- Daily ad spend → ad_spend table in our Supabase Postgres database, one row per merchant per date.
- Meta access tokens (both the ads_read user token and the Ad Tracking system-user token) → encrypted at rest with AES-256-GCM in our database, server-side only. Never exposed to any browser or client-side code.
- Conversions API delivery log (Ad Tracking only) → a rolling 500-event tail per shop showing what was sent and whether Meta accepted it. Used for debugging in your dashboard. Customer identifiers are not stored in the delivery log — only event names, timestamps, and Meta's trace ids.
- We do not mirror per-event customer data to our database. Identifiers come straight from the Shopify order webhook, are hashed in memory, and posted to Meta — not retained.
Why we collect it
Every piece of data we collect maps directly to a feature you see in the dashboard. We don't hoard data "just in case".
- Shopify orders & line items → sales, units, drill-down tables.
- PostEx delivery status & fees → the difference between revenue Shopify shows you and what actually arrives in your bank account.
- Meta daily spend → ROAS, POAS (profit on ad spend), and CAC (cost per acquisition).
- Your COGS & expenses → net profit per period.
- Your email & store name → account identification, support correspondence, and (where you contact us) replies from our team.
We do not use any platform data for advertising, model training, or analytics about you. Aggregated, fully anonymous metrics (e.g. "the median Pakistani merchant has a 32% return rate") may be used in product marketing — never traceable to any individual store.
Storage & security
All merchant data is stored in Supabase, a managed Postgres service. Specifically:
- In transit: TLS 1.2+ for every connection between your browser, our app, and our database.
- At rest: AES-256 encryption on Supabase storage volumes.
- Row-level security (RLS): every query is filtered by merchant store ID at the database level. There is no path by which one merchant's data can be exposed to another.
- PostEx and Meta tokens: stored server-side in Postgres, protected by row-level security and at-rest disk encryption. Tokens are read only by our backend at API call time, never sent to any browser, and never exposed in logs.
- Access controls: only the Supabase service role key (held by our backend) can read token columns. Administrative access is restricted to the founding team.
If we ever suffer a security incident affecting your data, we will notify you within 72 hours of confirming the incident, in compliance with applicable data breach laws.
How long we keep it
Your data is retained for as long as CODProfit is installed on your Shopify store. This is necessary so historical dashboards (last month, year-on-year comparisons) continue to work.
- When you uninstall CODProfit from Shopify, we receive an APP_UNINSTALLED webhook and delete your store record — including all orders, ad spend, COGS, expenses, tokens, and computed metrics — within 24 hours.
- When you click Disconnect Meta in Settings, we delete your Meta access token, ad account ID, and connection metadata within 60 seconds.
- When you email privacy@codprofit.co requesting deletion, we will fully delete all data within 30 days and email you confirmation.
Server logs (request URL, timestamp, response code) are retained for 30 days for security and debugging, then automatically purged. Logs do not contain platform data, tokens, or customer PII.
Your rights
Regardless of where you live, you have the following rights:
- Access — request a copy of all data we hold about your store.
- Correction — ask us to correct inaccurate data.
- Export — download your data in JSON or CSV format.
- Deletion — have all data permanently deleted (see next section).
- Withdraw consent — revoke Meta access from Facebook Settings, or disconnect any integration in our app, at any time and without explanation.
- Object — object to any specific use of your data.
- Complain — lodge a complaint with your local data protection authority.
Email privacy@codprofit.co to exercise any of these rights. We will respond within 5 business days and complete the request within 30 days.
Deleting your data
We've built three self-serve ways to delete your data — you should never have to ask permission.
- Disconnect Meta only: CODProfit Settings → Disconnect Meta. Removes the Meta token and all ad spend data for your store. Your other CODProfit data stays.
- Uninstall the entire app: Shopify Admin → Apps → CODProfit → Uninstall. Triggers a full wipe within 24 hours.
- Email request: privacy@codprofit.co. We'll delete everything within 30 days and confirm by email.
Step-by-step instructions are on our Data Deletion Instructions page.
Children's data
CODProfit is a business tool intended for adults operating Shopify stores. The service is not directed at, or intended for use by, anyone under the age of 18. We do not knowingly collect personal data from anyone under 13, in any jurisdiction. If you believe we have inadvertently collected data from a child, email privacy@codprofit.co and we will delete it immediately.
International data transfers
CODProfit is operated by Superior Linen Limited, a UK-registered company with a product team based in Pakistan. Our infrastructure providers (Supabase, Railway) host data in the United States and European Union. By using CODProfit, you consent to your data being transferred to and processed in the UK, US, EU, and Pakistan. For users in jurisdictions with data localization laws (EU, UK, etc.), we rely on Standard Contractual Clauses with our sub-processors as the lawful basis for transfer.
Changes to this policy
If we make material changes — for example, adding a new sub-processor, changing the data we collect, or changing how we use it — we will:
- Update the "Last updated" date at the top of this page.
- Show an in-app banner for at least 14 days before the change takes effect.
- Where we have your email address on file, notify you by email at least 30 days before the change takes effect.
Your continued use of CODProfit after the effective date of an updated policy constitutes acceptance. If you don't agree, uninstall the app — we'll delete your data within 24 hours, no questions asked.
Contact us
The fastest way to reach us is email. A real person reads every message.
England & Wales · Co. No. 13594763