Last updated: March 2026
COD Rules ("the App") is built for Shopify merchants to control when Cash on Delivery is offered at checkout. This policy explains what data the App accesses, how it is used, and how it is protected.
The App requests the following Shopify data:
Your COD rules (conditions, actions, and order) are saved as a JSON metafield on your Shopify shop object. This data lives entirely within your Shopify store and is only read by the payment customization function at checkout time. It is not copied to any external database.
The App is hosted on Vercel. App configuration requests (saving your rules) pass through the Vercel deployment to Shopify's API. Vercel does not retain request payloads beyond standard log retention. See Vercel's Privacy Policy for details.
The checkout function runs entirely within Shopify's infrastructure and is governed by Shopify's data handling practices. See Shopify's Privacy Policy for details.
Your rule configuration is stored as a Shopify metafield and is automatically removed when you uninstall the App (via the app/uninstalled webhook). No residual data is retained on our side after uninstallation.
All communication between the App and Shopify uses HTTPS. Admin API requests are authenticated using Shopify session tokens. We do not log or store session tokens.
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the App after changes constitutes acceptance of the revised policy.
If you have questions about this policy or how your data is handled, please reach out via the Shopify App Store listing or open an issue on our support channel.