Privacy Policy

1. Who we are

Tattva Fulfilment Portal ("the App", "we", "us") is a Shopify application that provides in-store and fulfilment-centre staff with tools to manage customer pickup orders. The App is operated by Dinesh Kashikar ([email protected]).

We act as a data processor on behalf of merchants (Shopify store owners) who are the data controllers for their customers' personal data.

2. What personal data we process

We process the minimum personal data required to operate the fulfilment workflow:

• Customer name — displayed to counter staff to identify a pickup.
• Customer email — stored alongside the order record for reference.
• Order number & line items — product titles, SKUs, quantities.
• Staff email — used for OTP login; not shared with third parties.

We do not collect customer addresses, payment details, phone numbers, or any sensitive personal data.

3. How we use this data

Customer data is used exclusively to:

• Display pickup orders to authorised fulfilment-centre staff.
• Record which orders have been collected (fulfilment status tracking).

We do not use customer personal data for marketing, profiling, analytics, or any purpose beyond fulfilling the pickup workflow. We do not sell, rent, or share customer data with third parties.

4. Legal basis for processing

Processing is carried out under the merchant's instruction and on the legal basis of contract performance — specifically, to fulfil purchase orders placed by the merchant's customers.

5. Data storage & security

Where data is stored

All data is stored in Cloudflare D1 (SQLite), hosted in the APAC region. No data leaves Cloudflare's infrastructure.

Encryption

• In transit: All API traffic is encrypted with TLS 1.3 via Cloudflare Workers (HTTPS enforced; no plaintext path exists).
• At rest: Cloudflare D1 encrypts all stored data at rest using AES-256.
• Backups: Cloudflare manages D1 backups with the same encryption guarantees.

Access controls

• Staff authenticate via OTP sent to their registered email — no passwords are stored.
• Each staff member can only view orders assigned to their specific fulfilment centre (role-based access control enforced at the API level).
• All API requests are authenticated with short-lived signed JWTs (1-hour expiry).

Test vs production data

Development and testing environments use isolated databases and mock credentials. No real customer data is used in testing.

6. Data retention

Customer order data is retained for as long as the merchant's Shopify store is connected to the App. When a merchant uninstalls the App, their order data is deleted from our database within 30 days. Merchants may request immediate deletion by contacting us at [email protected].

7. Access logging & monitoring

Every API request (including access to order data) is logged by Cloudflare Workers with a timestamp, endpoint, HTTP status, and device identifier. Logs are retained for 30 days and are accessible only to the operator.

8. Automated decision-making

The App does not perform automated decision-making or profiling that produces legal or similarly significant effects on customers.

9. Customer rights

Because we act as a data processor, requests from customers to access, correct, or delete their personal data should be directed to the merchant (Shopify store owner), who is the data controller. Merchants may contact us to action such requests at [email protected].

10. Security incident response

In the event of a data breach or security incident involving customer personal data:

• Affected merchants will be notified by email within 72 hours of discovery.
• Compromised access tokens and JWT secrets will be rotated immediately.
• A written incident report will be provided within 7 days.

11. Contact

For any privacy-related questions, data deletion requests, or to report a concern:
[email protected]