SOVOR Privacy Policy | Your Data Security & Protection

Privacy Policy

Last Updated: May 6, 2026

At SOVOR, protecting your privacy is as important as the quality of our wellness products and software solutions. Whether you are shopping for wellness products or using our Shopify Applications, we are committed to protecting your personal information.

Note: This policy is divided into two parts:
Part A applies to customers shopping on sovor.store.
Part B applies to merchants using the "Sovor COD" Shopify App.

PART A: FOR SHOPPERS

(For customers purchasing products from sovor.store)

1. Information We Collect

  • Order Information: Name, email, shipping address, and payment confirmation details.
  • Account Information: Login credentials and order history.
  • Usage Data: Anonymized data on how you browse our store to help us improve user experience.

2. How We Use Your Information

We use your data strictly to:

  • Fulfill your orders and ship products.
  • Send order updates and tracking numbers.
  • Provide customer support.

3. Cookies & Tracking (sovor.store)

The sovor.store website may use Shopify's standard analytics to measure store traffic. No cross-site advertising tracking or third-party advertising pixels are used on this store.

PART B: FOR MERCHANTS (APP USERS)

(For users of the "Sovor COD" RTO Guard Shopify App)

1. Information We Collect

If you install the Sovor COD app, we collect:

  • Merchant Info: Store name, URL, email, and phone number.
  • Order Data: Order ID, customer phone number, and order value (strictly for verification purposes).
  • Shipping Data: City, state, and PIN code used for risk scoring and label generation.
  • Usage Data: Verification counts for billing transparency.
  • Configuration Data: WhatsApp API credentials and India Post credentials (stored encrypted at rest).

2. PIN Code Network Intelligence

To power our fraud detection service, we aggregate anonymised cancellation and RTO patterns at the PIN code level across our merchant network. Specifically:

  • No individual customer PII (name, phone, email) is ever stored in this network index.
  • Only aggregate statistics per PIN code (e.g. cancellation rate, order volume) are shared across merchants.
  • Merchants who opt into Network Protection contribute to and benefit from this shared index.
  • You may opt out at any time from Settings → Network Protection.

3. WhatsApp Messaging Disclosure

Our application facilitates automated communication via WhatsApp. By using this service, you acknowledge that:

  • Nature of Messages: When a Cash-on-Delivery (COD) order is placed, our system automatically triggers a WhatsApp message to the end-customer's phone number.
  • Purpose: These messages are strictly transactional (e.g., "Confirm your order" or "Verify address"). They are not marketing communications.
  • Opt-Out: End-customers may opt out of receiving messages at any time by replying "STOP" directly in WhatsApp.
  • Your Responsibility: As a merchant, you are responsible for informing your customers that COD orders may be subject to WhatsApp verification.

4. Data Controller / Processor Relationship

When you install the Sovor COD app, you (the merchant) act as the Data Controller for your customers' personal data. Sovor Technologies acts as the Data Processor, processing end-customer data strictly on your instructions and solely for the purpose of providing the app's services.

As a merchant, you are responsible for:

  • Ensuring your customers are informed that COD orders may be subject to WhatsApp verification.
  • Maintaining a valid legal basis for processing your customers' personal data.
  • Complying with applicable data protection laws in your jurisdiction.

Sovor will never use your customers' data for any purpose beyond delivering the contracted service.

5. AI Copilot & Automated Intelligence

Our application includes an AI-powered assistant ("Sovor AI") designed to provide operational support:

  • Read-Only Access: The AI assistant utilizes specific data points (including Order ID, Risk Score, and Billing Usage) strictly to answer your support queries and provide operational insights.
  • Real-Time Processing: Data is processed in real-time within your specific session and is not used to train public AI models.
  • AI Providers: AI features are powered by Microsoft Azure OpenAI and Groq. Query text is transmitted to these providers solely for generating responses. No customer PII is transmitted to AI providers.

6. Third Party Sub-Processors

To deliver the Sovor COD app, we rely on the following third-party service providers. By using the app, you acknowledge that data may be processed by these providers under their respective privacy policies:

Provider Purpose Data Shared
Shopify App platform & billing Store info, order data via OAuth
Gadget.dev App hosting & infrastructure All app data (Google Cloud, US)
Meta (WhatsApp Business API) Message delivery Customer phone number, order details
India Post API Shipping label generation Customer name, shipping address
Microsoft Azure OpenAI AI-powered features Query text only, no PII
Groq AI-powered features Query text only, no PII

All app data is hosted on Google Cloud infrastructure in the United States. If you are subject to data residency requirements, please contact us before installing.

7. Data Retention & Deletion

  • Order verification logs and chat history are retained for 12 months from the date of creation. After 12 months, data is automatically anonymised or permanently deleted.
  • Customer risk profiles are anonymised after 24 months — only aggregate PIN-level data is retained.
  • On app uninstall, your shop data is deleted within 30 days upon written request.
  • Right to Delete: Merchants may request deletion of all their store data at any time by emailing support@sovor.store with the subject "Data Deletion Request". We will process valid requests within 30 days.
  • Merchants and end-customers can also trigger automated data redaction and access requests directly through their native Shopify Admin panel, which Sovor processes automatically via Shopify's mandatory GDPR webhooks within 30 days.

8. Data Security

  • All data in transit is encrypted via TLS 1.2+.
  • Sensitive credentials (WhatsApp tokens, India Post passwords) are encrypted at rest using AES-256.
  • Access to production data is restricted to authorised personnel only.
  • All significant data access events are logged in an immutable audit trail.
  • We conduct periodic security reviews of our infrastructure and code.

9. Cookies & Tracking (App)

The Sovor COD app embedded within Shopify Admin does not use third-party tracking cookies or advertising pixels. Strictly necessary session cookies may be used to maintain your authenticated state within the Shopify embedded interface. These cookies are essential for the app to function.

10. GDPR, DPDP Act & Your Data Rights

We are committed to compliance with:

  • GDPR (General Data Protection Regulation) — for users in the European Economic Area
  • India's Digital Personal Data Protection Act 2023 (DPDP Act) — for users in India
  • Other applicable local data protection laws

You have the following rights regarding your data:

  • Right to Access — request a copy of data we hold about your store
  • Right to Erasure — request deletion of all your store's data
  • Right to Rectification — request correction of inaccurate data
  • Right to Portability — request your data in a machine-readable format
  • Right to Restrict Processing — request we limit how we use your data
  • Right to Object — object to processing based on legitimate interests

To exercise any right, email support@sovor.store with the subject line "Data Rights Request". We will respond within 30 days.

Data Protection Officer: Arvind, Sovor Technologies — support@sovor.store

Contact Us

If you have questions about this policy, please contact our Privacy Team:

📧 support@sovor.store
📞 +91 72890 27476
🏢 Sovor Technologies, India

© 2026 Sovor Technologies. All rights reserved.