CashTrail — Privacy Policy

Last updated: July 2026

What CashTrail does

CashTrail audits cash-on-delivery (COD) settlements for Shopify merchants by comparing store orders against courier settlement files the merchant uploads.

Data we access

With the merchant's permission (read_orders scope), CashTrail reads order metadata from the Shopify API: order numbers, amounts, payment method names, fulfillment status, and tracking numbers. Orders are read live for each audit and are not stored on our servers.

Data we store

Per shop, we store: app settings (rate cards, tolerances, carrier mappings), audit history summaries (date, file names, flag counts, totals), and detected carrier labels. We do not store customer names, emails, phone numbers, or addresses — CashTrail requests no customer PII.

Uploaded files

Courier settlement files are parsed in memory to produce the audit and are not retained after processing.

Data deletion

When the app is uninstalled, Shopify's shop/redact process triggers deletion of everything we hold for that shop. Merchants can also request deletion at any time via the support email below. We honor all mandatory Shopify privacy webhooks (customers/data_request, customers/redact, shop/redact); as we hold no customer-level data, customer requests are acknowledged with nothing to export or erase.

Third parties & hosting

Data is processed on our hosting provider (Railway) and stored in a managed PostgreSQL database. Depending on hosting region, processing may occur in the EU or the United States under standard contractual safeguards. We do not sell merchant data, and we do not share it with any third party except the infrastructure providers named above.

Data controller

CashTrail is operated from Denmark. For order metadata read via the Shopify API, we act on the merchant's behalf solely to provide the auditing service; for account data (settings, audit history), we act as data controller within the meaning of the EU General Data Protection Regulation (GDPR).

Legal basis (GDPR)

We process data to perform our contract with the merchant (Art. 6(1)(b) GDPR — providing the auditing service the merchant installed) and, for service security and improvement, on the basis of legitimate interest (Art. 6(1)(f) GDPR).

Retention

Shop settings and audit history are retained while the app is installed and are deleted after uninstallation via Shopify's shop/redact process, or earlier on request. Server logs are retained by our hosting provider for a limited operational period.

Your rights (GDPR)

Merchants and individuals may request access, rectification, erasure, restriction of processing, data portability, or object to processing by contacting the email below. You also have the right to lodge a complaint with a supervisory authority — in Denmark, Datatilsynet (www.datatilsynet.dk), or the authority of your own EU member state.

Cookies

CashTrail uses only essential session cookies required for secure login inside the Shopify admin. We use no advertising, analytics, or tracking cookies.

Changes to this policy

We may update this policy as the service evolves; the "Last updated" date above reflects the current version. Material changes will be reflected on this page.

Contact

Questions or deletion requests: explorermind23@gmail.com