ZapCOD logoZapCOD
Privacy Policy
support@zaptechapps.com

Legal Information

Privacy Policy

This Privacy Policy explains how ZapCOD collects, uses, stores, and protects merchant and customer data.

Last updated: May 21, 2026

1. Legal Entity & Contact

Legal entity: DG Zone LLC
Country of registration: United States
Registered address: 30 N Gould St #33766, Sheridan, Wyoming 82801, United States
Website: https://zaptechapps.com
Support email: support@zaptechapps.com

2. Who We Are

ZapCOD is a Shopify application operated by DG Zone LLC and available at https://zaptechapps.com. The app helps Shopify merchants create cash-on-delivery order forms, process COD orders, reduce fraudulent submissions, manage phone verification, and connect optional marketing and analytics services including Meta, TikTok, Google, and Snapchat conversion tracking.

3. Merchant Data We Process

When a merchant installs or uses ZapCOD, we may process store domain, Shopify access tokens, app configuration, billing plan status, product identifiers, order configuration, country settings, shipping settings, form settings, fraud settings, integrations, and app usage events needed to operate the service.

4. Customer And Order Data We Process

ZapCOD may process customer information submitted through merchant COD forms, including name, phone number, email address, shipping address, city, country, product selections, quantity, order value, IP address, user agent, source URL, UTM parameters, fraud flags, and order status. This information is used to create and manage COD orders for the merchant.

5. OTP And Phone Verification

If a merchant enables WhatsApp or phone OTP verification, ZapCOD stores the phone number, verification code status, expiry time, verification status, and usage status. OTP data is used only to verify that a customer controls the phone number submitted with an order and to reduce fake or fraudulent COD orders.

6. Shopify API Data Access

ZapCOD uses Shopify APIs to authenticate merchants, read products, create Shopify COD orders, manage sessions, check billing status, and support app functionality requested by the merchant. ZapCOD requests only the Shopify scopes required to provide the service.

7. Advertising & Analytics Integrations (Meta, TikTok, Google, Snapchat)

When a merchant enables conversion tracking in ZapCOD, the merchant provides configuration such as pixel identifiers and API access tokens for Meta (Facebook) Conversions API, TikTok Events API, Google Analytics 4 Measurement Protocol, Google Ads conversion tracking, and/or Snapchat Conversions API. ZapCOD sends server-side event data (for example Purchase) when a customer completes a cash-on-delivery order through the merchant's ZapCOD form. ZapCOD does not run advertising campaigns on behalf of merchants; merchants manage ads in each platform's own ads manager.

Event payloads may include order value, currency, product identifiers, customer phone or email when submitted on the form, IP address, user agent, and page URL parameters needed for attribution. Personal identifiers such as email and phone number are hashed using SHA-256 before transmission to advertising platforms, in accordance with each platform's requirements (Meta Conversions API, TikTok Events API, Google Ads Enhanced Conversions, Snapchat CAPI). Merchants are responsible for lawful collection, consent, and use of customer data under applicable advertising and privacy laws.

When customers submit a COD order through a merchant's ZapCOD form, conversion events may be sent server-side to advertising platforms enabled by the merchant. ZapCOD itself does not place browser cookies; however, the merchant's storefront theme may use its own pixels and cookies subject to the merchant's own privacy disclosures and consent mechanisms.

Platform-specific ad preference and opt-out resources (managed by each platform, not ZapCOD):

8. Google Ads & Analytics Conversion Data

When merchants enable Google tracking in ZapCOD, we may store Google Analytics 4 Measurement IDs, API secrets, and optional Google Ads conversion identifiers needed to send server-side Purchase events from COD orders. We access:

  • Conversion action / measurement configuration the merchant selects
  • Server-side conversion event payloads (order value, currency, product identifiers)
  • OAuth tokens only when the merchant connects Google for conversion tracking

We use this data only to deliver pixel and conversion tracking features the merchant configured. We do not sell or share this data. Merchants can remove Google settings or disconnect OAuth at any time from ZapCOD, which stops further event delivery.

9. OAuth, API Tokens & Credential Storage

ZapCOD authenticates Shopify merchants through Shopify OAuth and stores Shopify session and access tokens required to operate the app. Optional Google OAuth is used only when a merchant connects Google Sheets with limited Google Drive file access (spreadsheets they create or select); refresh tokens are stored to export orders the merchant chooses to sync.

For Meta, TikTok, Google Analytics 4, Google Ads, and Snapchat, merchants typically paste pixel IDs and server-side API tokens into ZapCOD settings (Pixels & tracking). These credentials are stored in our application database, transmitted over HTTPS, and used only to send events the merchant configured. Merchants may update or remove credentials at any time in the app. ZapCOD does not sell merchant or customer data.

10. Other Third-Party Integrations

ZapCOD may also connect to Shopify, Google Sheets, Meta WhatsApp Cloud API (when enabled by the merchant), and other services when enabled by the merchant. Data shared depends on merchant configuration.

11. Data Retention

ZapCOD retains merchant configuration, order records, analytics events, OTP records, and integration settings while the app is installed and as needed to provide the service, resolve disputes, meet legal obligations, and maintain security. Data may be deleted or anonymized after app uninstall, merchant request, customer request, or Shopify privacy webhook request, subject to lawful retention requirements.

12. Security Measures

ZapCOD uses access controls, Shopify authentication, webhook HMAC verification, secure environment variables, encrypted transport through HTTPS, database access controls, and least-privilege operational practices to protect data. No method of transmission or storage is completely risk-free, but we work to protect merchant and customer data using commercially reasonable measures.

13. Children's Privacy (COPPA)

ZapCOD is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such data, we will delete it promptly. Parents or guardians who believe their child has provided personal information may contact support@zaptechapps.com.

14. International Data Transfers

Data processed by ZapCOD may be transferred to and stored in countries outside the European Economic Area (EEA), United Kingdom, or your country of residence. Where required by law, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards to protect personal data during international transfers.

15. Your GDPR Rights

If you are in the European Economic Area or United Kingdom, you have the right to:

  • Access the personal data we process about you
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Restrict or object to processing
  • Receive a portable copy of your data
  • Withdraw consent at any time, where consent is the basis
  • Lodge a complaint with your local data protection supervisory authority

To exercise these rights, email support@zaptechapps.com.

16. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and share
  • Request deletion of your personal information
  • Opt out of the sale or sharing of your personal information
  • Non-discrimination for exercising your rights

ZapCOD does not sell personal information. We do not share personal information for cross-context behavioral advertising outside the configurations merchants enable on their own stores. To exercise California rights, email support@zaptechapps.com.

17. Shopify Privacy Webhooks

ZapCOD supports Shopify mandatory privacy webhooks for customer data requests, customer redaction, and shop redaction. Merchants and customers may contact us at support@zaptechapps.com for privacy requests related to data processed by ZapCOD. See also our Data Deletion Policy.

18. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date at the top. Continued use of ZapCOD after changes are posted constitutes acceptance.

19. Contact

Website: https://zaptechapps.com

Support & privacy: support@zaptechapps.com