Privacy Policy

1. Who We Are

Preventify is a Shopify application developed and operated by GrowZar. We provide a custom Cash-on-Delivery (COD) checkout, fraud prevention, OTP verification, post-purchase upsells, and multi-pixel tracking for Shopify merchants — primarily serving Pakistani and South-Asian ecommerce businesses.

We do not sell customer data. This Privacy Policy explains what we collect, why we collect it, and how we keep it safe.

2. Data We Collect

2.1 Merchant Account Data

When you install Preventify, we collect:

• Store URL, store name, and merchant email from your Shopify account
• Account name and contact details
• Billing information (processed exclusively by Shopify — we never see your card)
• App configuration and theme settings (form layout, fields, upsells, pixels)

2.2 Order & Checkout Data

To power the COD form and risk scoring, Preventify accesses:

• Order IDs, line items, order values, and checkout status
• Customer-entered fields from the Preventify form (name, phone, address, city)
• Order behaviour signals (form abandonment, OTP attempts, IP, device fingerprint)
• Upsell acceptance and post-purchase events

2.3 Customer Data

We process your customers' data (names, phone numbers, delivery addresses) solely on your behalf. You remain the data controller; Preventify acts as a data processor. You are responsible for providing your customers with appropriate notice and lawful basis for collecting their data through the Preventify checkout.

2.4 Usage & Analytics Data

We collect anonymised usage information — feature usage, error logs, performance metrics — to improve the product. This data does not include personally identifiable information.

3. How We Use Your Data

We use collected data to:

• Render the Preventify checkout form on your storefront and process orders into Shopify
• Send OTP messages over WhatsApp / SMS to verify buyers
• Generate anonymised buyer risk scores across the GrowZar merchant network to flag high-risk COD orders before they ship
• Fire Meta, TikTok, Snapchat, and Google pixels you have configured
• Provide analytics and dashboards on conversion, AOV, upsell performance, and RTO
• Provide customer support and respond to your enquiries
• Detect abuse, fraud, and meet compliance obligations

4. Shopify Data Access

Preventify requests only the Shopify API scopes necessary to provide its services — including read/write access to orders, draft orders, customers, products, themes, and shop information. Our use of data received through Shopify APIs adheres to the Shopify API Terms of Service and the Shopify Privacy Policy.

5. WhatsApp & OTP Data

Preventify's OTP feature uses the Official WhatsApp Business API provided by Meta (and SMS as a fallback). Customer phone numbers are used solely to send a one-time verification code at checkout. Message content is processed by Meta in accordance with WhatsApp's Privacy Policy.

You as the merchant must ensure that you have a lawful basis (typically the commercial transaction itself) for sending OTP messages to customers entering checkout on your store.

6. Data Sharing

We do not sell your data, and we do not sell your customers' data. We share data only with:

• Shopify — to write orders, customers, and fulfilments back into your admin
• Meta / WhatsApp — to deliver OTP and notification messages
• Pixel and ad platforms (Meta, TikTok, Snapchat, Google) — only the events you have configured, fired server-side or client-side per your setup
• Cloud infrastructure providers hosting our application (bound by data processing agreements)
• Other GrowZar Suite apps (e.g. Courierify) only when you have explicitly connected them
• Third parties when legally required (court orders, lawful requests)

7. Data Retention

If you uninstall Preventify from your Shopify store, we retain your data for a period of 90 days before permanent deletion, unless legal obligations require longer retention. Earlier deletion is available on request — contact us at hello@growzar.com.

Anonymised, aggregated risk-scoring signals (with no personally identifiable information) may be retained beyond this period to maintain network-wide fraud detection accuracy.

8. Security

We apply technical and organisational measures to protect your data:

• Encryption of API credentials and sensitive data at rest
• HTTPS / TLS encryption for all data in transit
• Role-based access controls and audit logging on internal systems
• Regular security reviews and dependency patching

No method of transmission over the internet is 100% secure. While we work hard to protect your data, we cannot guarantee its absolute security.

9. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict processing of personal data we hold about you. Merchants control their customers' data and are responsible for handling customer requests; Preventify will assist as a data processor where applicable.

To exercise any rights, email us at hello@growzar.com.

10. Cookies

The Preventify checkout running on your customers' storefronts uses only the cookies and storage strictly required for the form to operate (e.g. cart state, OTP session). Our marketing website (preventifyapp.com) may use cookies for analytics and basic functionality — see our Cookie Policy for details.

11. Children's Privacy

Preventify is a business-to-business service intended for adult merchants and their adult customers. We do not knowingly collect personal information from individuals under 18 years of age. If you believe a minor has provided us with personal information, please contact us so we can remove it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, notify merchants by email or in-app notice. Continued use of Preventify after the effective date of the updated policy constitutes acceptance of the changes.

13. Contact Us

For privacy questions, data requests, or anything else related to this policy: